| From: | Scott Moser <smoser(at)saintjoe(dot)edu> |
|---|---|
| To: | pgsql-admin(at)postgresql(dot)org |
| Subject: | multi-user/password problem. |
| Date: | 1998-09-21 20:22:58 |
| Message-ID: | Pine.LNX.3.96.980921151403.13592D-100000@brickies.saintjoe.edu |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-admin |
I've recently been playing with postgres-6.3.2 in a testing mulit-user
environment. I've come across a problem that others have noted on the
list, but I've never seen an suggested solution to it.
My experience is that a user can either change ALL passwords (if the user
has "create user" status) or NO passwords (including his own) via the
"alter user with password ----" command.
I'm looking to use postgres in a multi-user environment, which could
possibly have malicious users who would change other users passwords, or
destroy other user's databases if they were able to.
To avoid such a predicament, I can simply create all users with no ability
to change passwords. However, that means that if a user wants/needs his
password changed, they'll have to contact the administrator to do so.
Is there a way around this administrator-intensive solution?
please reply to me in addition to the list as I am not currently
subscribed.
Thanks in Advance.
Scott
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Hubli, Basavaraj | 1998-09-22 08:16:25 | PostgreSQL: A Clarification |
| Previous Message | Marc Eggenberger | 1998-09-21 19:40:27 | Import from Mac DB |