| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | Stephen Frost <sfrost(at)snowman(dot)net> |
| Cc: | Wolfgang Walther <walther(at)technowledgy(dot)de>, pgsql-bugs(at)lists(dot)postgresql(dot)org |
| Subject: | Re: User with BYPASSRLS privilege can't change password |
| Date: | 2020-11-03 18:17:23 |
| Message-ID: | 958390.1604427443@sss.pgh.pa.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-bugs |
Stephen Frost <sfrost(at)snowman(dot)net> writes:
>> @@ -739,7 +741,6 @@ AlterRole(AlterRoleStmt *stmt)
>> createrole < 0 &&
>> createdb < 0 &&
>> canlogin < 0 &&
>> - isreplication < 0 &&
>> !dconnlimit &&
>> !rolemembers &&
>> !validUntil &&
> This seems like an independent change..? Not saying it's wrong though.
That test is redundant, since we wouldn't be in this path at all if
isreplication >= 0. You could alternatively argue that this should
redundantly test all three of issuper, isreplication, and bypassrls;
but testing just one of them is confusing and hence bug-prone.
regards, tom lane
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Tom Lane | 2020-11-03 18:19:01 | Re: User with BYPASSRLS privilege can't change password |
| Previous Message | Stephen Frost | 2020-11-03 18:06:42 | Re: User with BYPASSRLS privilege can't change password |