Re: AW: [HACKERS] Solution to the pg_user passwd problem !?? (c)
From | Bruce Momjian |
---|---|
Subject | Re: AW: [HACKERS] Solution to the pg_user passwd problem !?? (c) |
Date | |
Msg-id | 199802192013.PAA12377@candle.pha.pa.us |
In response to | Re: AW: [HACKERS] Solution to the pg_user passwd problem !?? (c) (The Hermit Hacker <scrappy@hub.org>) |
List | pgsql-hackers |
> passwords had to get in there at *some* point...they are there
> now, now we have to extend the security to the next level. Better to move
> forward 1 step at a time. If we remove the REVOKE altogether, the
> passwords are still there, but there is *0* security instead of 50%
> security...

If we remove the REVOKE, then people will not use passwords by mistake, thinking they are secure. To use them, they have to issue a REVOKE, and then they are secure. What am I missing here?

>
> So, I think we should leave the REVOKE/GRANT in initdb, and work
> at having grant/revoke work on a view (such that a view overrides the
> revoke of all on pg_user) so that it is appliable *after* v6.3 is
> released, and available as (if possible) a patch for just after...
>
> We aren't hurting anything by leaving the REVOKE/GRANT in place,
> but I think we are if we remove it and just leave it wide open...

Again, am I missing something?

--
Bruce Momjian
maillist@candle.pha.pa.us