Thread

  1. Re: [HACKERS] Postgres acl (fwd)

    Bruce Momjian <maillist@candle.pha.pa.us> — 1998-01-06T18:42:02Z

    > 
    > On Tue, 6 Jan 1998, Bruce Momjian wrote:
    > 
    > > Can someone who has permission to create databases be trusted not to
    > > delete others?  If we say no, how do we make sure they can change
    > > pg_database rows on only databases that they own?
    > 
    > 	deleting a database is accomplished using 'drop database', no?
    > Can the code for that not be modified to see whether the person dropping
    > the database is the person that owns it *or* pgsuperuser?
    
    It already does the check, but issues an SQL from the C code to delete
    from pg_database.  I believe any user who can create a database can
    issue the same SQL command from psql, bypassing the drop database
    checks, no?
    
    -- 
    Bruce Momjian
    maillist@candle.pha.pa.us