Re: How to deny user changing his own password? - Mailing list pgsql-general

From nolan@celery.tssi.com
Subject Re: How to deny user changing his own password?
Date
Msg-id 20030529181801.3793.qmail@celery.tssi.com
Whole thread Raw
In response to How to deny user changing his own password?  ("adeon" <adeon@tlen.pl>)
Responses Re: How to deny user changing his own password?
Re: How to deny user changing his own password?
List pgsql-general
> This is the second worst possible reason I can imagine for a feature
> like this. Passwords coded into the frontend ... gosh!

Depending on the application, coding a password into the front end can
be a necessary condition.  Think of a PHP web page script that makes
database calls.  How are you going to prevent other unauthorized
connections from that system?  Passwords aren't a perfect security
device, but they're generally better than no password.

I could see some merit to a 'LOCK' option on the alter user command, so that
the password can only be changed by a superuser.
--
Mike Nolan

pgsql-general by date:

Previous
From: Bruno Wolff III
Date:
Subject: Re: Blocking access to the database??
Next
From: Andrew Sullivan
Date:
Subject: Re: Moving a table to a different schema