Re: How to deny user changing his own password?

From: Jan Wieck <JanWieck(at)Yahoo(dot)com>
To: "Trewern, Ben" <Ben(dot)Trewern(at)mowlem(dot)com>
Cc: adeon <adeon(at)tlen(dot)pl>, pgsql-general(at)postgresql(dot)org
Subject: Re: How to deny user changing his own password?
Date: 2003-05-29 16:44:38
Message-ID: 3ED638F6.5060301@Yahoo.com
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-general

Trewern, Ben wrote:
> Now I think about this it would be useful: I have an Access database
> which connects to postgres and the password is saved in the access
> frontend. If someone (not sure how!) runs ALTER USER ..... WITH
> PASSWORD '....'; via the frontend they could disrupt the connection to
> the postgres backend. I'm sure a similar situation could happen with
> PHP or similar as you often don't use the postgres security features to
> secure your application.

This is the second worst possible reason I can imagine for a feature
like this. Passwords coded into the frontend ... gosh!

Jan

--
#======================================================================#
# It's easier to get forgiveness for being wrong than for being right. #
# Let's break this rule - forgive me. #
#================================================== JanWieck(at)Yahoo(dot)com #

In response to

Browse pgsql-general by date

  From Date Subject
Next Message Network Administrator 2003-05-29 17:03:39 Re: Blocking access to the database??
Previous Message Trewern, Ben 2003-05-29 16:36:04 Re: How to deny user changing his own password?