Postgres Pro
Downloads
Home   >   mailing lists

Re: Open 7.3 items - Mailing list pgsql-hackers

From Bruce Momjian
Subject Re: Open 7.3 items
Date
Msg-id 200208170417.g7H4HDL06336@candle.pha.pa.us
Whole thread Raw
In response to Re: Open 7.3 items  (Tom Lane <tgl@sss.pgh.pa.us>)
Responses Re: Open 7.3 items  (Lee Kindness <lkindness@csl.co.uk>)
List pgsql-hackers
Tree view 
Sample run:$ psql -U postgres testpsql: FATAL:  user "postgres@test" does not exist
$ psql -U postgres@ testWelcome to psql 7.3devel, the PostgreSQL interactive terminal.Type:  \copyright for
distributionterms       \h for help with SQL commands       \? for help on internal slash commands       \g or
terminatewith semicolon to execute query       \q to quittest=> 
 

---------------------------------------------------------------------------

Tom Lane wrote:
> BTW, I just thought of a small improvement to your patch that eliminates
> some of the ugliness.  Suppose that when we recognize an attempt to
> connect as a global user (ie, feature flag is on and last character of
> username is '@'), we strip off the '@' before proceeding.  Then we would
> have:
>     global users appear in pg_shadow as foo
>     local users appear in pg_shadow as foo@db
> and what this would mean is that you can flip between feature-enabled
> and feature-disabled states without breaking your global logins.  So you
> don't need the extra step of creating a "postgres@" before turning on
> the feature.  (Which was pretty ugly anyway, since even though postgres@
> could be made a superuser, he wouldn't be the same user as postgres ---
> this affects table ownership, for example, and would be a serious issue
> if you wanted any non-superuser global users.)
> 
> I suppose some might argue that having to say postgres@ to log in,
> when your username is really just postgres as far as you can see in the
> database, is a tad confusing.  But the whole thing is an acknowledged
> wart anyway, and I think getting rid of the two problems mentioned above
> is worth it.
> 
> Also, if we do this then it's important to strip a trailing '@' only
> if it's the *only* one in the given username.  Else a local user
> 'foo@db1' could cheat to log into db2 by saying username = 'foo@db1@'
> with requested database db2.  But I can't see any other security hole.
> 
>             regards, tom lane
> 

--  Bruce Momjian                        |  http://candle.pha.pa.us pgman@candle.pha.pa.us               |  (610)
359-1001+  If your life is a hard drive,     |  13 Roberts Road +  Christ can be your backup.        |  Newtown Square,
Pennsylvania19073

pgsql-hackers by date:

Previous
From: Bruce Momjian
Date:
Subject: Re: Open 7.3 items
Next
From: Tom Lane
Date:
Subject: Re: Function result cacheing