Re: grant/revoke bug with delete/update - Mailing list pgsql-bugs

From Jerome Alet
Subject Re: grant/revoke bug with delete/update
Date
Msg-id Pine.LNX.3.96.1000613091243.6707A-100000@cortex.unice.fr
Whole thread Raw
In response to Re: grant/revoke bug with delete/update  (Bruce Momjian <pgman@candle.pha.pa.us>)
List pgsql-bugs
On Fri, 9 Jun 2000, Bruce Momjian wrote:

> Are we addressing this?

Yes, please do.

And please don't forget the following:

when dropping an user postgresql (actually the superuser must do it
manually) should first revoke all user's permissions on all databases,
because the deleted userid is reused on the next create user so the new
user inherits all permissions from the deleted user => may be very very
bad (an example of what can be done is not necessary I suppose ?)

> > And for the bug report I posted on Feb 23rd on "drop user" which keeps the
> > user's acl in the database, and the deleted user id being reused, I've not
> > done anything, but I consider this a major problem. Please consider it for
> > a next version.

bye,
Jerome ALET - alet@unice.fr - http://cortex.unice.fr/~jerome
Faculte de Medecine de Nice - http://noe.unice.fr - Tel: 04 93 37 76 30
28 Avenue de Valombrose - 06107 NICE Cedex 2 - FRANCE

pgsql-bugs by date:

Previous
From: Bruce Momjian
Date:
Subject: Re: CLUSTER bug
Next
From: Bruce Momjian
Date:
Subject: Re: Small bug with numeric in 7.0 (also in 6.5.3)