Re: [HACKERS] Postgres acl (fwd)
Bruce Momjian <maillist@candle.pha.pa.us>
From: Bruce Momjian <maillist@candle.pha.pa.us>
To: scrappy@hub.org (The Hermit Hacker)
Cc: kwitten@qdt.com, hackers@postgreSQL.org
Date: 1998-01-06T18:42:02Z
Lists: pgsql-hackers
> > On Tue, 6 Jan 1998, Bruce Momjian wrote: > > > Can someone who has permission to create databases be trusted not to > > delete others? If we say no, how do we make sure they can change > > pg_database rows on only databases that they own? > > deleting a database is accomplished using 'drop database', no? > Can the code for that not be modified to see whether the person dropping > the database is the person that owns it *or* pgsuperuser? It already does the check, but issues an SQL from the C code to delete from pg_database. I believe any user who can create a database can issue the same SQL command from psql, bypassing the drop database checks, no? -- Bruce Momjian maillist@candle.pha.pa.us