Postgres Pro
Downloads
Home   >   mailing lists

Re: How to deny user changing his own password? - Mailing list pgsql-general

From Trewern, Ben
Subject Re: How to deny user changing his own password?
Date
Msg-id 996802F75C3CD411B424001083FA445B534DFA@CET_PONXX_FP001
Whole thread Raw
In response to How to deny user changing his own password?  ("adeon" <adeon@tlen.pl>)
Responses Re: How to deny user changing his own password?  (Alvaro Herrera <alvherre@dcc.uchile.cl>)
List pgsql-general
Tree view

Now I think about this it would be useful:  I have an Access database which connects to postgres and the password is saved in the access frontend.  If someone (not sure how!) runs ALTER USER ..... WITH PASSWORD '....'; via the frontend they could disrupt the connection to the postgres backend.  I'm sure a similar situation could happen with PHP or similar as you often don't use the postgres security features to secure your application.

Regards,

Ben Trewern

-----Original Message-----
From: Jan Wieck [mailto:JanWieck@Yahoo.com]
Sent: 29 May 2003 14:52
To: adeon
Cc: pgsql-general@postgresql.org
Subject: Re: [GENERAL] How to deny user changing his own password?

adeon wrote:
> Hi
>
> My question is in subject.
> How can I deny user changing his own password using
> ALTER USER user WITH PASSWORD 'password'; ?

AFAIK you can't, IMHO you shouldn't anyway and I would object against such useless feature.

Jan

>
> Thanks
> adeon
>
>
>
> ---------------------------(end of
> broadcast)---------------------------
> TIP 3: if posting/reading through Usenet, please send an appropriate
> subscribe-nomail command to majordomo@postgresql.org so that your
> message can get through to the mailing list cleanly

--
#======================================================================#
# It's easier to get forgiveness for being wrong than for being right. #
# Let's break this rule - forgive me.                                  #
#================================================== JanWieck@Yahoo.com #

---------------------------(end of broadcast)---------------------------
TIP 3: if posting/reading through Usenet, please send an appropriate subscribe-nomail command to majordomo@postgresql.org so that your message can get through to the mailing list cleanly

*****************************************************************************
This email and any attachments transmitted with it are confidential
and intended solely for the use of the individual or entity to whom
they are addressed. If you have received this email in error please
notify the sender and do not store, copy or disclose the content
to any other person.

It is the responsibility of the recipient to ensure that opening this
message and/or any of its attachments will not adversely affect
its systems. No responsibility is accepted by the Company.
*****************************************************************************

pgsql-general by date:

Previous
From: Carlos
Date:
Subject: Blocking access to the database??
Next
From: Jan Wieck
Date:
Subject: Re: How to deny user changing his own password?