Re: How to deny user changing his own password?
| От | Tom Lane |
|---|---|
| Тема | Re: How to deny user changing his own password? |
| Дата | |
| Msg-id | 29671.1054238457@sss.pgh.pa.us обсуждение исходный текст |
| Ответ на | Re: How to deny user changing his own password? (Bruno Wolff III <bruno@wolff.to>) |
| Ответы |
Re: How to deny user changing his own password?
|
| Список | pgsql-general |
Bruno Wolff III <bruno@wolff.to> writes:
> nolan@celery.tssi.com wrote:
>> I could see some merit to a 'LOCK' option on the alter user command, so that
>> the password can only be changed by a superuser.
> That would only be useful if the account was shared, which is normally a bad
> idea.
It'd seem to me that once a bad guy has gotten into your database,
whether he can change a password is the least of your worries.
The people you'd really want to be afraid of would not call attention
to their breakin by doing anything as blatantly obvious as that, anyway.
In short, I don't see any value in a password lock option either.
And ISTM anyplace that used it would be getting in the way of good
password management practice. Users *should* be encouraged to change
their own passwords, and to do so regularly.
regards, tom lane
В списке pgsql-general по дате отправления: