On Tue, Jun 15, 2004 at 11:43:08AM -0400, Bill Moran wrote:
> Bruce Momjian <pgman@candle.pha.pa.us> wrote:
> > Bill Moran wrote:
> > > Bruce Momjian <pgman@candle.pha.pa.us> wrote:
> > > > Chris Ochs wrote:
> > > > > What if SET SESSION AUTHORIZATION could also accept a password so that non
> > > > > superusers could switch to a different user? How difficult would this be?
>
> Not to start an argument, but you could reverse that logic and say "Do you want
> to hurt the smart, ssl users by not including helpful functionality that could
> be dangerous to uneducated non-ssl users?"
> ...
> So, the question becomes one of design philosophy
> (at least, I'm basing this on the concept that actual implementation
> would not be too hard, correct me if I'm wrong)
How about each user can set up a list of authorised users that
are allowed to switch to their username.
This would then follow the same model as authorized_keys/.rhosts in
ssh/rsh
user1 could then call something like
> GRANT SESSION TO user2
which would allow user2 to switch to user1
Would it also be possible to restrict the grants when doing this?
e.g.
> GRANT SESSION SELECT ON DATABASE foo TO user2
> GRANT SESSION UPDATE ON TABLE bar TO user2
Which would allow updates to be made to table bar after the switch.
-Mark
