On 12/05/14 06:09, Adrian Klaver wrote:
> On 05/11/2014 10:17 AM, Ravi Roy wrote:
>> Thanks a lot Tom, it worked by setting the read-only mode to off
>> before changing the password and setting it on again.
>>
>> SET default_transaction_read_only = off;
>>
>> Worked for me.
>
> It works, but the point Tom was making is here:
>
> "You realize, I hope, that breaking out of that restriction is no harder
> than issuing
>     SET default_transaction_read_only = off;
> or even
>     BEGIN TRANSACTION READ WRITE;
> So that ALTER ROLE might be of some use as a protection against accidental
> changes, but it's certainly no form of security restriction. (What you
> probably want to do instead of this is make sure the role doesn't have
> select/update/delete privileges for any of your tables.)"
>
> Given that in your original post you said:
>
> "Because I wanted this role to be readonly (cannot change anything in DB but only view)."
>
> you might want to rethink what you are doing.
>
>> Many thanks to you!
>>
>> Regards
>> Ravi
I suggest that you move the password to a separate table (my_role_password) with 2 columns:
- my_role_id
- password.
This way you can make the my_role table totally unalterable by the user, yet they can change their own password.
Actually, you should NOT be storing passwords in plain text; they should be stored as a secure hash (better than MD5).
Cheers,
Gavin
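
Added example, not part of the thread: the session default discussed above next to a privilege-based read-only role, with a query that checks the result. The names report_ro, app_owner and appdb and the use of the public schema are assumptions for illustration.

```sql
-- Hypothetical names: role report_ro, table owner app_owner, database appdb.

-- Weak: this only sets a per-session default. The role can undo it itself with
--   SET default_transaction_read_only = off;
-- or
--   BEGIN TRANSACTION READ WRITE;
ALTER ROLE report_ro SET default_transaction_read_only = on;

-- Enforced: the role simply holds no write privileges.
-- Before PostgreSQL 15, every role could create objects in schema public by default.
REVOKE CREATE ON SCHEMA public FROM PUBLIC;
REVOKE ALL ON ALL TABLES IN SCHEMA public FROM report_ro;

GRANT CONNECT ON DATABASE appdb TO report_ro;
GRANT USAGE ON SCHEMA public TO report_ro;
GRANT SELECT ON ALL TABLES IN SCHEMA public TO report_ro;

-- Tables that app_owner creates later are readable, and nothing more.
ALTER DEFAULT PRIVILEGES FOR ROLE app_owner IN SCHEMA public
    GRANT SELECT ON TABLES TO report_ro;

-- Check: relations on which report_ro can still write. This also catches
-- privileges obtained through ownership, role membership or PUBLIC.
-- An empty result is the goal.
SELECT c.oid::regclass AS writable_relation
FROM pg_class AS c
JOIN pg_namespace AS n ON n.oid = c.relnamespace
WHERE c.relkind IN ('r', 'p', 'v', 'm')
  AND n.nspname NOT IN ('pg_catalog', 'information_schema')
  AND has_table_privilege('report_ro', c.oid,
                          'INSERT, UPDATE, DELETE, TRUNCATE');
```

Run the statements as a superuser or as the owner of the tables; with the privileges in place, the session default can stay as a guard against accidental writes by other roles, but it is no longer what keeps report_ro read-only.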