Re: pg_user

From: Jan Wieck <JanWieck(at)Yahoo(dot)com>
To: ivan <iv(at)psycho(dot)pl>
Cc: pgsql-hackers(at)postgresql(dot)org
Subject: Re: pg_user
Date: 2003-10-30 21:48:03
Message-ID: 3FA18713.3000400@Yahoo.com
Lists: pgsql-hackers

ivan wrote:

> you can also patch your kernel and when you write cat /etc/passwd the system
> gives you only your line, without any other users, so exactly what you
> need,
> in pgsql I think that users don't need to know about others, and also
> their
> databases, I call it security :)

No, it's not security, it is obscurity. The point is that this
modification is not backward compatible and the only scenario I can
imagine where it would be good to have this is for a hosting provider
who wants to cram up multiple hosted databases under one postmaster.

I am not per se against such change. It never struck me as a good idea
in general that we only have the one, shared pg_shadow catalog and all
databases share all users. So I think what I try to say is ... back to
the drawing board, because your initial solution is not acceptable.

Jan

>
> On Mon, 27 Oct 2003, Jan Wieck wrote:
>
>> ivan wrote:
>>
>> > hi
>> >
>> > can we change initdb when view pg_user is created to:
>> >
>> > CREATE VIEW pg_user AS \
>> > SELECT \
>> > usename, \
>> > usesysid, \
>> > usecreatedb, \
>> > usesuper, \
>> > usecatupd, \
>> > '********'::text as passwd, \
>> > valuntil, \
>> > useconfig \
>> > FROM pg_shadow WHERE usename = SESSION_USER;
>>
>> No, at least not without a complete proposal how to retain the current
>> behaviour of pg_tables, pg_views, psql's \d and other places that rely
>> on pg_user being able to display all users.
>>
>> It's the same thing with your /etc/passwd. chmod o-rwx /etc/passwd will
>> hide the usernames but break many utilities. If you don't want someone
>> to know all the logins, don't give him one.
>>
>>
>> Jan
>>
>> --
>> #======================================================================#
>> # It's easier to get forgiveness for being wrong than for being right. #
>> # Let's break this rule - forgive me. #
>> #================================================== JanWieck(at)Yahoo(dot)com #
>>

--
#======================================================================#
# It's easier to get forgiveness for being wrong than for being right. #
# Let's break this rule - forgive me. #
#================================================== JanWieck(at)Yahoo(dot)com #
