Re: Granting Permissions to User To Access Database

From: Peter Eisentraut <peter_e(at)gmx(dot)net>
To: Radoslaw Stachowiak <radek(at)alter(dot)pl>
Cc: <pgsql-admin(at)postgresql(dot)org>
Subject: Re: Granting Permissions to User To Access Database
Date: 2001-01-10 18:07:59
Message-ID: Pine.LNX.4.30.0101101904040.22819-100000@peter.localdomain
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-admin

Radoslaw Stachowiak writes:

> > The problem with this approach is that if you do "revoke all on database
> > from all" you have hosed your system. Text files allow recovery in these
> > situations.
>
> thats completly wrong :) look at the whole UNIX dir permissions topic.
> Using postgres super user, there is NO check on permission (or at least
> there should not be).

But, unlike in Unix, you don't know what user a connection wants to be
before you have done authentication (pg_hba.conf), nor do you know whether
a user is a superuser before querying the database.

We could probably get past the first problem by separating the
_authentication_ and _authorization_ modules, and we could get by the
second issue by doing the connection, checking, and then disconnecting,
but that exposes the database to possible attacks by unprivileged users,
so it has to be evaluated carefully.

--
Peter Eisentraut peter_e(at)gmx(dot)net http://yi.org/peter-e/

In response to

Browse pgsql-admin by date

  From Date Subject
Next Message David Mehringer 2001-01-10 18:26:14 multiple postmasters
Previous Message Radoslaw Stachowiak 2001-01-10 17:33:36 Re: Granting Permissions to User To Access Database