Re: [HACKERS] Solution to the pg_user passwd problem !?? (c)

Marc G. Fournier <scrappy@hub.org>

From: The Hermit Hacker <scrappy@hub.org>
To: Zeugswetter Andreas SARZ <Andreas.Zeugswetter@telecom.at>
Cc: "'pgsql-hackers@hub.org'" <pgsql-hackers@hub.org>
Date: 1998-02-19T14:14:36Z
Lists: pgsql-hackers
I like it!!!  I'm going to do a fresh buildl and try this out, and see if
Julie/I can get that ODBC driver working with this...*cross fingers*

Bruce...do see anyting particularly bad about this?



On Thu, 19 Feb 1998, Zeugswetter Andreas SARZ wrote:

> Hi all,
> 
> What about:
> grant select on pg_user to public;
> create rule pg_user_hide_pw as on
> select to pg_user.passwd
> do instead select '********' as passwd;
> 
> Then if I do:
> select * from pg_user;
> usename |usesysid|usecreatedb|usetrace|usesuper|usecatupd|passwd  |valuntil
> --------+--------+-----------+--------+--------+---------+--------+---------
> -------------------
> postgres|       6|t          |t       |t       |t        |********|Sat Jan
> 31 07:00:00 2037 NFT
> zeus    |      60|t          |t       |f       |t        |********|
> (2 rows)
> 
> Also the \d works for all users !
> 
> Only "disadvantage" is that noone can read passwd without first dropping the
> rule pg_user_hide_pw,
> I consider this a feature though ;-)
> 
> Since the userauthentication bypasses the rewrite mechanism the logins,
> alter user .. and others do work !
> 
> Can all of you try to crack this ?
> 
> (c) Andreas Zeugswetter
> 
> Copyright by Andreas Zeugswetter 1998 contributed to the postgresql project
> ;-)
> Wow, I am actually proud of this (so far, and hope it holds what I think it
> does)
> 
>