From: | "Mike Miller" <temp6453(at)hotmail(dot)com> |
---|---|
To: | kb136(at)hszk(dot)bme(dot)hu |
Cc: | martin(at)math(dot)unl(dot)edu(dot)ar, mfork(at)toledolink(dot)com, pgsql-hackers(at)postgresql(dot)org, pgsql-general(at)postgresql(dot)org |
Subject: | Re: [HACKERS] Re: Re: grant privileges to a database [URGENT] |
Date: | 2001-02-05 20:04:50 |
Message-ID: | F5258Nqm4PheayLc27p00001bc2@hotmail.com |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-general pgsql-hackers |
Hrm- I'd love to know where this patch is. I don't see how that quite
breaks PG_DUMPALL though. Really if your logged in as a superuser
(postgres) you should be able to use all the databases and dump all of the
data. Am I the only one that doesn't see where the problem is? How about a
patch that says 'if the user that created the database is not the current
user, then reject- otherwise accept'. I could go for that. Though access
control would be nice, I could log in as a superuser, make a user with the
ability to make databases, login as that user, make the databases I need,
then login as postgres and revoke the privilages of creating databases.
Suddenly you can only access databases you created and its as easy as that
(a few PHP lines if you ask me) to make new databases. Wouldn't it just be
a simple IF statement to see if the current user is the database owner [or
if they have the superuser ID set]?
Am I not seeing the big picture?
--
Mike
>From: Kovacs Baldvin <kb136(at)hszk(dot)bme(dot)hu>
>To: Mike Miller <temp6453(at)hotmail(dot)com>
>CC: martin(at)math(dot)unl(dot)edu(dot)ar, mfork(at)toledolink(dot)com,
>pgsql-hackers(at)postgresql(dot)org, pgsql-general(at)postgresql(dot)org
>Subject: Re: [HACKERS] Re: Re: grant privileges to a database [URGENT]
>Date: Mon, 5 Feb 2001 20:13:38 +0100 (MET)
>
>Hello
>
>A few weeks ago I was interested in this question. My results were:
>- Yes, this is a sorrowful but true fact that if you enable access to
> someone to a database, she is automatically enabled to create
> objects in it.
>- Yes, the developers know it, and they said: there is a patch existing
> to workaround it.
>- No, they don't include it in 7.1. The reason: if you use that patch,
> pg_dumpall will not work. If somebody will have the strength in
> him to fix it, than it will be considered to include it in the base.
>
>After collecting these informations from more experienced people,
>I calmed down. Since I am in the beginning of creating my project,
>I think for the time when I will need it, it will be ready.
>
>Anyway, I do not know where this patch is. If you don't bother
>about pg_dumpall, ask a developer (a am only a wannabe developer)
>about it.
>
>If anyone detects that I wrote silly things, please do correct me.
>
>Bye,
>Baldvin
>
>
>
>
_________________________________________________________________________
Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com.
From | Date | Subject | |
---|---|---|---|
Next Message | Brett W. McCoy | 2001-02-05 20:22:31 | Re: Import Database |
Previous Message | Martin A. Marques | 2001-02-05 19:52:07 | Re: [HACKERS] Re: Re: grant privileges to a database [URGENT] |
From | Date | Subject | |
---|---|---|---|
Next Message | Mathieu Dube | 2001-02-05 20:12:23 | with -g and libpq.a ... |
Previous Message | Martin A. Marques | 2001-02-05 19:52:07 | Re: [HACKERS] Re: Re: grant privileges to a database [URGENT] |