Solution to the pg_user passwd problem !?? (c)
Zeugswetter Andreas <andreas.zeugswetter@telecom.at>
From: Zeugswetter Andreas SARZ <Andreas.Zeugswetter@telecom.at>
To: "'pgsql-hackers@hub.org'" <pgsql-hackers@hub.org>
Date: 1998-02-19T13:59:48Z
Lists: pgsql-hackers
Hi all, What about: grant select on pg_user to public; create rule pg_user_hide_pw as on select to pg_user.passwd do instead select '********' as passwd; Then if I do: select * from pg_user; usename |usesysid|usecreatedb|usetrace|usesuper|usecatupd|passwd |valuntil --------+--------+-----------+--------+--------+---------+--------+--------- ------------------- postgres| 6|t |t |t |t |********|Sat Jan 31 07:00:00 2037 NFT zeus | 60|t |t |f |t |********| (2 rows) Also the \d works for all users ! Only "disadvantage" is that noone can read passwd without first dropping the rule pg_user_hide_pw, I consider this a feature though ;-) Since the userauthentication bypasses the rewrite mechanism the logins, alter user .. and others do work ! Can all of you try to crack this ? (c) Andreas Zeugswetter Copyright by Andreas Zeugswetter 1998 contributed to the postgresql project ;-) Wow, I am actually proud of this (so far, and hope it holds what I think it does)