Home > mailing lists

Re: Per database users/admins, handy for database virtual hosting... - Mailing list pgsql-hackers

From	Sean Chittenden
Subject	Re: Per database users/admins, handy for database virtual hosting...
Date	March 26, 2004 03:25:11
Msg-id	8B3E414A-7EDD-11D8-822F-000A95C705DC@chittenden.org Whole thread Raw
In response to	Re: Per database users/admins, handy for database virtual hosting... (Tom Lane <tgl@sss.pgh.pa.us>)
Responses	Re: Per database users/admins, handy for database virtual hosting... Re: Per database users/admins, handy for database virtual hosting...
List	pgsql-hackers

Tree view

> You can't think that allowing the same name to appear
> globally and locally is a good idea.

Actually, I do think it is a good idea.

> If I say "GRANT TO foo", who am
> I granting privileges to?

SET username_precedence TO LOCAL,GLOBAL;   -- I like GLOBAL more than 
CLUSTER
GRANT TO foo;
SET username_precedence TO GLOBAL,LOCAL;
GRANT TO foo;

> And I don't want to say that there is no
> difference because they are the same user.

Agreed, they should be the same user.

> That will open up some nasty
> security holes, eg, being able to pretend that you are the global
> postgres superuser if you can set the password for a local user by the
> same name.

Agreed, but if a cluster is using LOCAL USERs, I doubt highly that 
CLUSTER/GLOBAL users would be in use much beyond super users.  -sc

-- 
Sean Chittenden

pgsql-hackers by date:

From: mike g
Date: 26 March 2004, 03:20:23
Subject: Returning number of rows - Copy In function

From: Sean Chittenden
Date: 26 March 2004, 03:38:54
Subject: Re: Per database users/admins, handy for database virtual hosting...

Re: Per database users/admins, handy for database virtual hosting... - Mailing list pgsql-hackers

Previous

Next