Re: [HACKERS] Open 6.3 issues (fwd)
| От | The Hermit Hacker |
|---|---|
| Тема | Re: [HACKERS] Open 6.3 issues (fwd) |
| Дата | |
| Msg-id | Pine.NEB.3.95.980218123831.17624M-100000@hub.org обсуждение исходный текст |
| Ответ на | [HACKERS] Open 6.3 issues (fwd) (Bruce Momjian <maillist@candle.pha.pa.us>) |
| Список | pgsql-hackers |
On Wed, 18 Feb 1998, Bruce Momjian wrote: > Here are the items. Can I remove any of them? > > Looking over the list, the only major one I see is that pg_user is not > world-readable, and with Todd not responding, I am thinking I may need > to do some ripout. Right now, \d does not work for non-super-users. > Can you imagine the problem reports we will get on that? Okay, I just grabbed our "resident Oracle guru"s time to see how Oracle does this, and I'm CCng him in on this... Basically, from what we can tell, there is one large table that contains the user information, including passwords. If we go in as 'the dba' himself (same as our super user), we can view the table in its entirety...if we go in as "joe blow user", you can only look at a "view" of the table. "select * from all_users;" <- no passwords "select * from dba_users;" <- includes passwords So, I think that Todd has the right idea, but where we are lacking is the ability to have pg_users "closed" to non-su users to view all its data, but have it "open" through a system view... So, what we need is the ability to have a view created, as part of the system itself, that does: "select usename,usesysid,<etc, minus passwd,valuntil> from pg_user;" So that that information is available, but the password isn't...
В списке pgsql-hackers по дате отправления: