Re: New pg_pwd patch and stuff

Bruce Momjian <maillist@candle.pha.pa.us>

From: Bruce Momjian <maillist@candle.pha.pa.us>
To: scrappy@hub.org (The Hermit Hacker)
Cc: brandys@eng3.hep.uiuc.edu, hackers@postgreSQL.org
Date: 1998-01-12T13:30:12Z
Lists: pgsql-hackers
> 
> On Sun, 11 Jan 1998, Bruce Momjian wrote:
> 
> > > 	Wait, let me just get this straight here...pg_user is, by default,
> > > unreadable by the general public, but is changeable just using a simple
> > > grant/revoke??
> > > 
> > > 	If so, I'm confused as to why this is a bad thing?  Bruce?  Sort
> > > of seems to me that its like the TCP/Unix Socket argument...go to the most
> > > secure first, then let the one setting it up downgrade as they feel is
> > > appropriate...no?
> > 
> > OK, general question.  Does pg_user need to be readable?  Do
> > non-postgres users want to see who owns each table?  I don't know.
> 
> 	Erk...hrmmm...my understanding is that if pg_user is non-readable, then
> doing a \d to list tables won't tell me who owns any of the tables...which
> could be a problem if multiple users have access to the same database, but
> have "personal tables"? 
> 
> 	Actually, right now I think that this is one of the potential problems
> I brought up previous...
> 
> 	If I create a database, *anyone* that is a user (createuser <>) has access
> to that database...granted that I can use the 'revoke' command to restrict
> table access, there should be some means of restricting a database (and its
> tables) to the owner of that database...
> 
> 	On top of that, a table/database should be restricted by default...for
> example, this should not happen:

Yes, I agree we should be able to restrict who gets into which
databases.  It is on the TODO list.

* More access control over who can create tables and access the database

The reason it doesn't get complained about more is that many commercial
databases have similar lack of funciontality.

-- 
Bruce Momjian
maillist@candle.pha.pa.us