Home > mailing lists

Re: How to deny user changing his own password? - Mailing list pgsql-general

From	nolan@celery.tssi.com
Subject	Re: How to deny user changing his own password?
Date	May 29, 2003 17:18:06
Msg-id	20030529181801.3793.qmail@celery.tssi.com Whole thread Raw
In response to	How to deny user changing his own password? ("adeon" <adeon@tlen.pl>)
Responses	Re: How to deny user changing his own password? (Bruno Wolff III <bruno@wolff.to>) Re: How to deny user changing his own password? (Network Administrator <netadmin@vcsn.com>)
List	pgsql-general

Tree view

> This is the second worst possible reason I can imagine for a feature
> like this. Passwords coded into the frontend ... gosh!

Depending on the application, coding a password into the front end can
be a necessary condition.  Think of a PHP web page script that makes
database calls.  How are you going to prevent other unauthorized
connections from that system?  Passwords aren't a perfect security
device, but they're generally better than no password.

I could see some merit to a 'LOCK' option on the alter user command, so that
the password can only be changed by a superuser.
--
Mike Nolan

pgsql-general by date:

From: Bruno Wolff III
Date: 29 May 2003, 16:25:38
Subject: Re: Blocking access to the database??

From: Andrew Sullivan
Date: 29 May 2003, 17:31:07
Subject: Re: Moving a table to a different schema

Re: How to deny user changing his own password? - Mailing list pgsql-general

Previous

Next