Re: Creating a role with read only privileges but user is allowed to change password
| От | Gavin Flower |
|---|---|
| Тема | Re: Creating a role with read only privileges but user is allowed to change password |
| Дата | |
| Msg-id | 536FDD2D.8050003@archidevsys.co.nz обсуждение исходный текст |
| Ответ на | Re: Creating a role with read only privileges but user is allowed to change password (Adrian Klaver <adrian.klaver@aklaver.com>) |
| Ответы |
Re: Creating a role with read only privileges but user is allowed
to change password
|
| Список | pgsql-general |
On 12/05/14 06:09, Adrian Klaver wrote:
On 05/11/2014 10:17 AM, Ravi Roy wrote:I suggest that you move the password to a separate table (my_role_password) with 2 columns:Thanks a lot Tom, it worked by putting off the read only mode to off
before changing the password and putting it on again.SET default_transaction_read_only = off;
Worked for me..
It works but the point Tom was making is here:
"You realize, I hope, that breaking out of that restriction is no harder
than issuing
SET default_transaction_read_only = off;
or even
BEGIN TRANSACTION READ WRITE;
So that ALTER ROLE might be of some use as a protection against accidental
changes, but it's certainly no form of security restriction. (What you
probably want to do instead of this is make sure the role doesn't have
select/update/delete privileges for any of your tables.)
"
Given that in your original post you said:
"Because I wanted this role to readonly (can not change anything in DB but only view)."
you might want to rethink what you are doing.
Many thanks to you!
Regards
Ravi
- my_role_id
- password.
Actually, you should NOT be storing passwords in plain text, they should be stored as a secure hash (better than MD5).
Cheers,
Gavin
В списке pgsql-general по дате отправления: