Re: How to deny user changing his own password? - Mailing list pgsql-general

From Bruno Wolff III
Subject Re: How to deny user changing his own password?
Date
Msg-id 20030529190740.GB923@wolff.to
In response to Re: How to deny user changing his own password?  (nolan@celery.tssi.com)
Responses Re: How to deny user changing his own password?  (Tom Lane <tgl@sss.pgh.pa.us>)
List pgsql-general
On Thu, May 29, 2003 at 13:18:01 -0500,
  nolan@celery.tssi.com wrote:
> > This is the second worst possible reason I can imagine for a feature
> > like this. Passwords coded into the frontend ... gosh!
>
> Depending on the application, coding a password into the front end can
> be a necessary condition.  Think of a PHP web page script that makes
> database calls.  How are you going to prevent other unauthorized
> connections from that system?  Passwords aren't a perfect security
> device, but they're generally better than no password.

You can use ident authentication.

> I could see some merit to a 'LOCK' option on the alter user command, so that
> the password can only be changed by a superuser.

That would only be useful if the account was shared, which is normally a bad
idea.
