Can I have a TODO for this?
---------------------------------------------------------------------------
Tom Lane wrote:
> Gavin Sherry <swm@linuxworld.com.au> writes:
> > On Tue, 12 Aug 2003, Andrew Dunstan wrote:
> >> Is this a security hole? Looks like one to me. Would it be better to use
> >> a sequence generator for sysids instead of using max+1 on the user
> >> table? Or else store the last sysid used somewhere?
>
> > This issue has been discussed before and it was agreed that since most
> > UNIX systems will behave in the same way, there's no way to know. Also, it
> > is not possible for a given database to know the max(sysid) of pg_user in
> > another database.
>
> You forget that pg_shadow is a shared (cluster-wide) table.
>
> I believe we could make a shared sequence object, too, if we wanted to
> go the sequence route.
>
> Right at the moment I like both ideas: a shared sequence to generate new
> sysids, and don't ever delete pg_shadow rows. One attraction of the
> sequence generator is that scans over pg_shadow could get rather tedious
> if we follow the latter policy. But with a sequence, CREATE USER
> wouldn't need to do a scan.
>
> Something else that should be factored into any redesign of pg_shadow is
> the notion of combining users and groups, at least to the extent of
> having a common sysid space for both. See discussion started by Peter
> a month or two back (I think thread title mentioned "roles").
>
> regards, tom lane
>
> ---------------------------(end of broadcast)---------------------------
> TIP 5: Have you checked our extensive FAQ?
>
> http://www.postgresql.org/docs/faqs/FAQ.html
>
-- Bruce Momjian | http://candle.pha.pa.us pgman@candle.pha.pa.us | (610)
359-1001+ If your life is a hard drive, | 13 Roberts Road + Christ can be your backup. | Newtown Square,
Pennsylvania19073
