Re: Granting Permissions to User To Access Database - Mailing list pgsql-admin

From Peter Eisentraut
Subject Re: Granting Permissions to User To Access Database
Date
Msg-id Pine.LNX.4.30.0101101904040.22819-100000@peter.localdomain
Whole thread Raw
In response to Re: Granting Permissions to User To Access Database  (Radoslaw Stachowiak <radek@alter.pl>)
List pgsql-admin
Radoslaw Stachowiak writes:

> > The problem with this approach is that if you do "revoke all on database
> > from all" you have hosed your system.  Text files allow recovery in these
> > situations.
>
> thats completly wrong :) look at the whole UNIX dir permissions topic.
> Using postgres super user, there is NO check on permission (or at least
> there should not be).

But, unlike in Unix, you don't know what user a connection wants to be
before you have done authentication (pg_hba.conf), nor do you know whether
a user is a superuser before querying the database.

We could probably get past the first problem by separating the
_authentication_ and _authorization_ modules, and we could get by the
second issue by doing the connection, checking, and then disconnecting,
but that exposes the database to possible attacks by unprivileged users,
so it has to be evaluated carefully.

--
Peter Eisentraut      peter_e@gmx.net       http://yi.org/peter-e/


pgsql-admin by date:

Previous
From: Radoslaw Stachowiak
Date:
Subject: Re: Granting Permissions to User To Access Database
Next
From: David Mehringer
Date:
Subject: multiple postmasters