On Fri, 9 Jun 2000, Bruce Momjian wrote:
> Are we addressing this?
Yes, please do.
And please don't forget the following:
when dropping an user postgresql (actually the superuser must do it
manually) should first revoke all user's permissions on all databases,
because the deleted userid is reused on the next create user so the new
user inherits all permissions from the deleted user => may be very very
bad (an example of what can be done is not necessary I suppose ?)
> > And for the bug report I posted on Feb 23rd on "drop user" which keeps the
> > user's acl in the database, and the deleted user id being reused, I've not
> > done anything, but I consider this a major problem. Please consider it for
> > a next version.
bye,
Jerome ALET - alet@unice.fr - http://cortex.unice.fr/~jerome
Faculte de Medecine de Nice - http://noe.unice.fr - Tel: 04 93 37 76 30
28 Avenue de Valombrose - 06107 NICE Cedex 2 - FRANCE
