Re: How to deny user changing his own password?

On Thu, May 29, 2003 at 13:18:01 -0500,
  nolan@celery.tssi.com wrote:
> > This is the second worst possible reason I can imagine for a feature
> > like this. Passwords coded into the frontend ... gosh!
>
> Depending on the application, coding a password into the front end can
> be a necessary condition.  Think of a PHP web page script that makes
> database calls.  How are you going to prevent other unauthorized
> connections from that system?  Passwords aren't a perfect security
> device, but they're generally better than no password.

You can use ident authentication.

> I could see some merit to a 'LOCK' option on the alter user command, so that
> the password can only be changed by a superuser.

That would only be useful if the account was shared, which is normally a bad
idea.