From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
---|---|
To: | Stephen Frost <sfrost(at)snowman(dot)net> |
Cc: | Wolfgang Walther <walther(at)technowledgy(dot)de>, pgsql-bugs(at)lists(dot)postgresql(dot)org |
Subject: | Re: User with BYPASSRLS privilege can't change password |
Date: | 2020-11-03 18:17:23 |
Message-ID: | 958390.1604427443@sss.pgh.pa.us |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-bugs |
Stephen Frost <sfrost(at)snowman(dot)net> writes:
>> @@ -739,7 +741,6 @@ AlterRole(AlterRoleStmt *stmt)
>> createrole < 0 &&
>> createdb < 0 &&
>> canlogin < 0 &&
>> - isreplication < 0 &&
>> !dconnlimit &&
>> !rolemembers &&
>> !validUntil &&
> This seems like an independent change..? Not saying it's wrong though.
That test is redundant, since we wouldn't be in this path at all if
isreplication >= 0. You could alternatively argue that this should
redundantly test all three of issuper, isreplication, and bypassrls;
but testing just one of them is confusing and hence bug-prone.
regards, tom lane
From | Date | Subject | |
---|---|---|---|
Next Message | Tom Lane | 2020-11-03 18:19:01 | Re: User with BYPASSRLS privilege can't change password |
Previous Message | Stephen Frost | 2020-11-03 18:06:42 | Re: User with BYPASSRLS privilege can't change password |