Re: Per database users/admins, handy for database virtual hosting... - Mailing list pgsql-hackers

From Tom Lane
Subject Re: Per database users/admins, handy for database virtual hosting...
Date
Msg-id 18521.1080273279@sss.pgh.pa.us
Whole thread Raw
In response to Re: Per database users/admins, handy for database virtual hosting...  (Sean Chittenden <sean@chittenden.org>)
Responses Re: Per database users/admins, handy for database virtual hosting...  (Sean Chittenden <sean@chittenden.org>)
List pgsql-hackers
Sean Chittenden <sean@chittenden.org> writes:
>> Come to think of it, the same risk of conflict applies for user 
>> *names*, and we can't easily make an end-run around that.

> That's why I used UNION ALL in my example.  Reserved usernames that are 
> in the cluster should be just as valid as usernames that are in the 
> local database table.

I don't follow.  You can't think that allowing the same name to appear
globally and locally is a good idea.  If I say "GRANT TO foo", who am
I granting privileges to?  And I don't want to say that there is no
difference because they are the same user.  That will open up some nasty
security holes, eg, being able to pretend that you are the global
postgres superuser if you can set the password for a local user by the
same name.
        regards, tom lane


pgsql-hackers by date:

Previous
From: Sean Chittenden
Date:
Subject: Re: Per database users/admins, handy for database virtual hosting...
Next
From: mike g
Date:
Subject: Returning number of rows - Copy In function