From: | Jan Wieck <JanWieck(at)Yahoo(dot)com> |
---|---|
To: | "Trewern, Ben" <Ben(dot)Trewern(at)mowlem(dot)com> |
Cc: | adeon <adeon(at)tlen(dot)pl>, pgsql-general(at)postgresql(dot)org |
Subject: | Re: How to deny user changing his own password? |
Date: | 2003-05-29 16:44:38 |
Message-ID: | 3ED638F6.5060301@Yahoo.com |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-general |
Trewern, Ben wrote:
> Now I think about this it would be useful: I have an Access database
> which connects to postgres and the password is saved in the access
> frontend. If someone (not sure how!) runs ALTER USER ..... WITH
> PASSWORD '....'; via the frontend they could disrupt the connection to
> the postgres backend. I'm sure a similar situation could happen with
> PHP or similar as you often don't use the postgres security features to
> secure your application.
This is the second worst possible reason I can imagine for a feature
like this. Passwords coded into the frontend ... gosh!
Jan
--
#======================================================================#
# It's easier to get forgiveness for being wrong than for being right. #
# Let's break this rule - forgive me. #
#================================================== JanWieck(at)Yahoo(dot)com #
From | Date | Subject | |
---|---|---|---|
Next Message | Network Administrator | 2003-05-29 17:03:39 | Re: Blocking access to the database?? |
Previous Message | Trewern, Ben | 2003-05-29 16:36:04 | Re: How to deny user changing his own password? |