Re: REVOKE on ALTER USER, DROP USER

From: Tom Lane
Subject: Re: REVOKE on ALTER USER, DROP USER
Date: ,
Msg-id: 752.1183911778@sss.pgh.pa.us
(view: Whole thread, Raw)
In response to: REVOKE on ALTER USER, DROP USER  (Tjibbe)
List: pgsql-novice

Tree view

REVOKE on ALTER USER, DROP USER  (Tjibbe, )
 Re: REVOKE on ALTER USER, DROP USER  (Tom Lane, )
 Re: REVOKE on ALTER USER, DROP USER  (Tjibbe, )
 Re: REVOKE on ALTER USER, DROP USER  (Tjibbe, )

Tjibbe <> writes:
> Hello, Is het possible tot REVOKE the ALTER USER command? In such a way tha=
> t users cannot change their password and username? And also cannot delete t=
> hemeself with DROP USER?

Ordinary users (those without superuser or createrole privilege) can't
do any of that except change their own password ... and I don't see a
particularly good argument for preventing them from doing that.

> Now I solve the problem in PHP, to filter de SQL query string behore sendin=
> g to postgresql as follows:

If you're allowing untrusted sources to provide chunks of SQL to be
executed directly, you've got problems far worse than this one.

            regards, tom lane


pgsql-novice by date:

From: Tjibbe
Date:
Subject: Re: REVOKE on ALTER USER, DROP USER
From:
Date:
Subject: Windows XP Install Problem