Re: Creating a role with read only privileges but user is allowed to change password
From | David G Johnston |
---|---|
Subject | Re: Creating a role with read only privileges but user is allowed to change password |
Date | |
Msg-id | CAKFQuwYLmwNOppJoMHrCvgURaFDisqKjektD_HGkeVpA4y-P9A@mail.gmail.com |
In response to | Re: Creating a role with read only privileges but user is allowed to change password (Gavin Flower <GavinFlower@archidevsys.co.nz>) |
Responses | Re: Re: Creating a role with read only privileges but user is allowed to change password |
List | pgsql-general |
I suggest that you move the password to a separate table (my_role_password) with 2 columns:
- my_role_id
- password.
This way you can make the my_role table totally unalterable by the user, yet they can change their own password.
Actually, you should NOT be storing passwords in plain text, they should be stored as a secure hash (better than MD5).
I have no clue what you are trying to get at here...the core problem is with database defined roles - which are maintained in the system catalog - and the fact that marking a session read-only disallows updates to the system catalog...
I do not see how adding a user table with role and password overcomes that problem since the user table would be read-only too - so how would they still be able to change their password if they cannot alter the table (data alter, not structure).
David J.
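The distinction raised in the message above, as an added example that is not part of the original thread: a role made read-only through privileges alone can still change its own database password, while a session forced into read-only transactions cannot run ALTER ROLE. The role name `report_ro`, the database `appdb`, the use of schema `public` and the placeholder passwords are assumptions.

```sql
-- Added example; role, database, schema and passwords are hypothetical.
-- Run steps 1 and 3 as a superuser or the database owner.

-- 1. Read-only by privileges: the role can log in and SELECT, nothing more.
CREATE ROLE report_ro LOGIN PASSWORD 'initial-placeholder';
REVOKE CREATE ON SCHEMA public FROM PUBLIC;
GRANT CONNECT ON DATABASE appdb TO report_ro;
GRANT USAGE ON SCHEMA public TO report_ro;
GRANT SELECT ON ALL TABLES IN SCHEMA public TO report_ro;
-- Covers tables created later by the role running this statement.
ALTER DEFAULT PRIVILEGES IN SCHEMA public
    GRANT SELECT ON TABLES TO report_ro;

-- 2. Connected as report_ro: an ordinary role may change its own password,
--    so this succeeds although the role has no write privilege on any table.
ALTER ROLE report_ro PASSWORD 'new-placeholder';

-- 3. The situation described in the message: force the role's sessions
--    to start read-only (run as superuser).
ALTER ROLE report_ro SET default_transaction_read_only = on;

-- 4. In a new session as report_ro: ALTER ROLE updates the system catalog,
--    so it is rejected while the transaction is read-only.
ALTER ROLE report_ro PASSWORD 'another-placeholder';

-- 5. default_transaction_read_only is a session default, not an access
--    control: the role itself can switch it off, so the GRANTs in step 1
--    are what actually keep the role read-only.
SET default_transaction_read_only = off;
```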