Re: Password sub-process ... - Mailing list pgsql-hackers

From Marc G. Fournier
Subject Re: Password sub-process ...
Date
Msg-id 20020730114750.U61995-100000@mail1.hub.org
Whole thread Raw
In response to Password sub-process ...  ("Marc G. Fournier" <scrappy@hub.org>)
Responses Re: Password sub-process ...
Re: Password sub-process ...
List pgsql-hackers
On Tue, 30 Jul 2002, Andrew Sullivan wrote:

> On Tue, Jul 30, 2002 at 12:43:52AM -0300, Marc G. Fournier wrote:
>
> > since as soon as there are two 'bruce' users, only one can have a password
>
> I guess I don't understand why that's a problem.  I mean, if you're
> authenticating users, how can you have two with the same name?  It's
> just like UNIX usernames, to my mind: they have to be unique on the
> system, no?

I think that is the problem with everyone's "thinking" ... they are only
dealing with 'small servers', where it only has a couple of databases ...
I'm currently running a server with >100 domains on it, each one with *at
least* one database ... each one of those domains, in reality, *could*
have a user 'bruce' ...

note that I run virtual machines ... so each one fo those 'domains' has
their own password files, so I can't say to 'client A' that 'client B'
already has user 'bruce', so you can't use it, even though its unique to
your system ...

And, I don't want to run 100 pgsql instances on the server, since either
I'd have to have one helluva lot of RAM dedicated to PgSQL, or have little
tiny shared memory segments available to each ...

actually, let's add onto that ... let's say every one of those 100 pgsql
databases is accessed by PHPPgAdmin, through the web ... so, with a
'common password' amongst all the various 'bruce's, I could, in theory, go
to any other domain's PHPPgAdmin, login and see their databases (major
security problem) ... the way it was before, I could setup a password file
that contained a different password for each of those domains, so that
bruce on domain 1 couldn't access domain 2's databases ... or vice versa
...

I've CC'd this back into the list, mainly because I think others might be
'thinking within the box' on this :(



pgsql-hackers by date:

Previous
From: Tom Lane
Date:
Subject: Re: creating aggregates that work on composite types (whole tuples)
Next
From: Hannu Krosing
Date:
Subject: Re: creating aggregates that work on composite types