On Tue, 2002-07-30 at 16:55, Marc G. Fournier wrote:
> On Tue, 30 Jul 2002, Andrew Sullivan wrote:
>
> > On Tue, Jul 30, 2002 at 12:43:52AM -0300, Marc G. Fournier wrote:
> >
> > > since as soon as there are two 'bruce' users, only one can have a password
> >
> > I guess I don't understand why that's a problem. I mean, if you're
> > authenticating users, how can you have two with the same name? It's
> > just like UNIX usernames, to my mind: they have to be unique on the
> > system, no?
>
> I think that is the problem with everyone's "thinking" ... they are only
> dealing with 'small servers', where it only has a couple of databases ...
> I'm currently running a server with >100 domains on it, each one with *at
> least* one database ... each one of those domains, in reality, *could*
> have a user 'bruce' ...
>
> note that I run virtual machines ... so each one fo those 'domains' has
> their own password files, so I can't say to 'client A' that 'client B'
> already has user 'bruce', so you can't use it, even though its unique to
> your system ...
But if they are _really_ virtual machines then you can probably
distinguish them by IP as was discussed earlier.
Or you can declare each virtual machine to be its own "domain" and name
db users user@domain (or //domain/user if you are inclined that way ;).
both of these names are accepted by postgres as valid usernames.
I guess you must doing something like that with their e-mail addresses
already ;)
> And, I don't want to run 100 pgsql instances on the server, since either
> I'd have to have one helluva lot of RAM dedicated to PgSQL, or have little
> tiny shared memory segments available to each ...
>
> actually, let's add onto that ... let's say every one of those 100 pgsql
> databases is accessed by PHPPgAdmin, through the web ... so, with a
> 'common password' amongst all the various 'bruce's, I could, in theory, go
> to any other domain's PHPPgAdmin, login and see their databases (major
> security problem) ...
Bugzilla resolves the problem of "many bruces" by having e-mail address
as a globally unique username.
> the way it was before, I could setup a password file
> that contained a different password for each of those domains, so that
> bruce on domain 1 couldn't access domain 2's databases ... or vice versa
> ...
>
> I've CC'd this back into the list, mainly because I think others might be
> 'thinking within the box' on this :(
Otoh, thinking that distinguishing users by password is a good idea can
also be considered 'thinking within the box' by some ;)
--------------------
Hannu