Re: How to deny user changing his own password?
| От | Alvaro Herrera |
|---|---|
| Тема | Re: How to deny user changing his own password? |
| Дата | |
| Msg-id | 20030529205424.GG2878@dcc.uchile.cl обсуждение исходный текст |
| Ответ на | Re: How to deny user changing his own password? ("Trewern, Ben" <Ben.Trewern@mowlem.com>) |
| Список | pgsql-general |
On Thu, May 29, 2003 at 05:36:04PM +0100, Trewern, Ben wrote: > Now I think about this it would be useful: I have an Access database which > connects to postgres and the password is saved in the access frontend. If > someone (not sure how!) runs ALTER USER ..... WITH PASSWORD '....'; via the > frontend they could disrupt the connection to the postgres backend. I'm > sure a similar situation could happen with PHP or similar as you often don't > use the postgres security features to secure your application. Not sure with Access, but in general when running something backed by a database you should not just allow arbitrary SQL reach the database. There should be no way for any user of the application to execute an ALTER USER query. -- Alvaro Herrera (<alvherre[a]dcc.uchile.cl>) "Before you were born your parents weren't as boring as they are now. They got that way paying your bills, cleaning up your room and listening to you tell them how idealistic you are." -- Charles J. Sykes' advice to teenagers
В списке pgsql-general по дате отправления: