Re: Please advice TODO Item pg_hba.conf - Mailing list pgsql-hackers

From Tom Lane
Subject Re: Please advice TODO Item pg_hba.conf
Date
Msg-id 18785.1145834309@sss.pgh.pa.us
Whole thread Raw
In response to Re: Please advice TODO Item pg_hba.conf  (Alvaro Herrera <alvherre@commandprompt.com>)
Responses Re: Please advice TODO Item pg_hba.conf
List pgsql-hackers
Alvaro Herrera <alvherre@commandprompt.com> writes:
> Gevik Babakhani wrote:
>> Of course a TABLE owner can revoke privileges from himself. But why
>> would a DATABASE owner want to lock himself out from CONNECTING to his
>> database.

> I don't know :-)  If it doesn't make sense for somebody, then she won't
> do it.

> It's not like we are going out of our way to allow somebody to revoke
> the privileges from oneself.  We are just keeping the thing as simple as
> possible.

There is a good, defensible reason for this: the behavior of
security-related commands should be as simple and unsurprising as
possible.  Weird special cases added in the name of improving usability
are likely to do the opposite.  What would you expectREVOKE CONNECT ON DATABASE foo FROM foo_owner
to do, if not revoke his connect privileges?  Failing to do so could
be called a security vulnerability.
        regards, tom lane


pgsql-hackers by date:

Previous
From: Tom Lane
Date:
Subject: Re: Please advice TODO Item pg_hba.conf
Next
From: Alvaro Herrera
Date:
Subject: Can't commit due to perl upgrade