Re: New pg_pwd patch and stuff

>
> On Sun, 11 Jan 1998, Bruce Momjian wrote:
>
> > >     Wait, let me just get this straight here...pg_user is, by default,
> > > unreadable by the general public, but is changeable just using a simple
> > > grant/revoke??
> > >
> > >     If so, I'm confused as to why this is a bad thing?  Bruce?  Sort
> > > of seems to me that its like the TCP/Unix Socket argument...go to the most
> > > secure first, then let the one setting it up downgrade as they feel is
> > > appropriate...no?
> >
> > OK, general question.  Does pg_user need to be readable?  Do
> > non-postgres users want to see who owns each table?  I don't know.
>
>     Erk...hrmmm...my understanding is that if pg_user is non-readable, then
> doing a \d to list tables won't tell me who owns any of the tables...which
> could be a problem if multiple users have access to the same database, but
> have "personal tables"?
>
>     Actually, right now I think that this is one of the potential problems
> I brought up previous...
>
>     If I create a database, *anyone* that is a user (createuser <>) has access
> to that database...granted that I can use the 'revoke' command to restrict
> table access, there should be some means of restricting a database (and its
> tables) to the owner of that database...
>
>     On top of that, a table/database should be restricted by default...for
> example, this should not happen:

Yes, I agree we should be able to restrict who gets into which
databases.  It is on the TODO list.

* More access control over who can create tables and access the database

The reason it doesn't get complained about more is that many commercial
databases have similar lack of funciontality.

--
Bruce Momjian
maillist@candle.pha.pa.us