Home > mailing lists

Re: AW: [HACKERS] Solution to the pg_user passwd problem !?? (c) - Mailing list pgsql-hackers

From	Bruce Momjian
Subject	Re: AW: [HACKERS] Solution to the pg_user passwd problem !?? (c)
Date	February 19, 1998 15:20:28
Msg-id	199802191719.MAA05743@candle.pha.pa.us Whole thread Raw
In response to	AW: [HACKERS] Solution to the pg_user passwd problem !?? (c) (Zeugswetter Andreas SARZ <Andreas.Zeugswetter@telecom.at>)
Responses	Re: AW: [HACKERS] Solution to the pg_user passwd problem !?? (c) (The Hermit Hacker <scrappy@hub.org>)
List	pgsql-hackers

Tree view

>
> The command
> copy pg_user to stdout;
>
> will also show the cleartext password and I think it is hard to do a rewrite
> here,
> since this would also affect the pg_dump ?

OK, I have committed code that removes the REVOKE from initdb, and does
not allow them to do any adding or altering of users if there is a
password involved AND the ACL for pg_user is null.  It prints a nice
message telling them they need to issue the REVOKE command so normal
users can't read the passwords.

If they use user passwords psql \d does fail if you do this.  Do we want
to duplicate the query without the pg_user reference if the \d query
fails?

--
Bruce Momjian
maillist@candle.pha.pa.us

pgsql-hackers by date:

From: David Wetzel
Date: 19 February 1998, 15:14:08
Subject: Re: [PORTS] Platform status

From: The Hermit Hacker
Date: 19 February 1998, 15:29:09
Subject: Re: AW: [HACKERS] Solution to the pg_user passwd problem !?? (c)

Re: AW: [HACKERS] Solution to the pg_user passwd problem !?? (c) - Mailing list pgsql-hackers

Previous

Next