| From: | The Hermit Hacker <scrappy(at)hub(dot)org> |
|---|---|
| To: | Peter Eisentraut <peter_e(at)gmx(dot)net> |
| Cc: | PostgreSQL Development <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: CREATE DATABASE WITH OWNER '??'; |
| Date: | 2000-05-09 21:19:18 |
| Message-ID: | Pine.BSF.4.21.0005091817210.777-100000@thelab.hub.org |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On Tue, 9 May 2000, Peter Eisentraut wrote:
> The Hermit Hacker writes:
>
> > If I give a second user 'create database' access, how does he add auth
> > privileges to that database?
>
> There are no privileges on databases per se. There are only host-based
> access privileges that may apply to all or some databases.
>
> The difficulty with putting the control over this into the SQL environment
> is two-fold:
>
> 1) You have a bootstrapping problem, because how are you going to set
> these privileges if you can't connect?
CREATE DATABASE WITH OWNER?
> 2) You don't necessarily want to start up a new backend for every rogue
> connection attempt.
Huh? So, we want to start up a backend for each connection to a database,
regardless of whether or not that connection has permission to be in that
database? Geez, let's think ... I'm not supposed to be in payrolls
database, but since all that is protected is the tables and not the
database itself, i can connect and just sit there, using up resources that
way ...
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Tom Lane | 2000-05-09 21:27:44 | Re: You're on SecurityFocus.com for the cleartext passwords. |
| Previous Message | The Hermit Hacker | 2000-05-09 21:17:02 | Re: CREATE DATABASE WITH OWNER '??'; |