>
> >
> > On Tue, 24 Feb 1998, Jan Wieck wrote:
> >
> > > CREATE TABLE xpg_usr (
> > > usename name,
> > > usesysid int4,
> > > usecreatedb bool,
> > > usetrace bool,
> > > usesuper bool,
> > > usecatupd bool,
> > > passwd text,
> > > valuntil abstime);
> > >
> > > UPDATE pg_class SET relname = 'pg_usr'
> > > WHERE relname = 'xpg_usr';
> > >
> > > CREATE RULE _RETpg_usr AS ON SELECT TO pg_usr
> > > DO INSTEAD
> > > SELECT usename, usesysid, usecreatedb,
> > > usetrace, usesuper, usecatupd,
> > > '********'::text as passwd, valuntil
> > > FROM pg_user;
> > >
> > > REVOKE ALL ON pg_user FROM public;
> >
> > Okay, just so that I don't mess things up in the translation...do
> > you want to send me an appropriate patch for this?
> >
> > > > But as it was done in most UN*X's, could we rename the
> > > > pg_user containing the password into pg_shadow and then
> > > > create a view pg_user that just stars out the password field?
> > > > This way no existing application code (not even the JDBC
> > > > etc.) needs any changes, except for the createuser etc.
> > > > tools that always get installed with the new release.
> > >
> > > Still vote for this. And as soon as we finally choose one
> > > name for the public pg_user view we must fix createuser.sh,
> > > createdb.sh and so on to make their checks on the public
> > > accessible view so they still print the proper error messages
> > > instead of
> >
> > No arguments here...can you include this as part of your patch
> > too?
>
> Will do so.
The more I think about it, the more I like pg_shadow. Maybe we can do
that in enough time for testing. No one's code has to change then, and
this is a big win.
--
Bruce Momjian | 830 Blythe Avenue
maillist@candle.pha.pa.us | Drexel Hill, Pennsylvania 19026
+ If your life is a hard drive, | (610) 353-9879(w)
+ Christ can be your backup. | (610) 853-3000(h)