On Tue, 2002-08-27 at 23:10, Tom Lane wrote:
> Oliver Elphick <olly@lfix.co.uk> writes:
> > This should cause no problem, because we have no
> > cross-database communication; it should be impossible for "george@dummy"
> > to have any connection with database "test".
>
> Not so; you need look no further than the owner column of pg_database
> to find a case where people can see usernames that might be local to
> other databases. Group membership lists might well contain users
> from multiple databases, too.

I suspect I have a different view of the ultimate aim of this feature.
If we go to a thorough solution for virtual local databases, local users
of other databases ought to be completely invisible. I suppose that
means that to a local user, pg_database would be a view showing only
template[01] and the local database. pg_shadow, too, would show only
global users and local users in the same database.

I can't see how a group within a local database could contain users from
other databases. In the context in which this is being used, each
database belongs to a different customer; each database needs to be
invisible to other customers. How then should it be possible to have
group lists containing users from different local databases? Groups
should be local as well as users.

Perhaps I like complicating things too much...
--
Oliver Elphick Oliver.Elphick@lfix.co.uk
Isle of Wight, UK
http://www.lfix.co.uk/oliver
GPG: 1024D/3E1D0C1C: CA12 09E0 E8D5 8870 5839 932A 614D 4C34 3E1D 0C1C
========================================
"Use hospitality one to another without grudging."
I Peter 4:9