Re: Open 7.3 items
От | Oliver Elphick |
---|---|
Тема | Re: Open 7.3 items |
Дата | |
Msg-id | 1030519373.22473.12.camel@linda обсуждение исходный текст |
Ответ на | Re: Open 7.3 items (Tom Lane <tgl@sss.pgh.pa.us>) |
Ответы |
Re: Open 7.3 items
|
Список | pgsql-hackers |
On Tue, 2002-08-27 at 23:10, Tom Lane wrote: > Oliver Elphick <olly@lfix.co.uk> writes: > > This should cause no problem, because we have no > > cross-database communication; it should be impossible for "george@dummy" > > to have any connection with database "test". > > Not so; you need look no further than the owner column of pg_database > to find a case where people can see usernames that might be local to > other databases. Group membership lists might well contain users > from multiple databases, too. I suspect I have a different view of the ultimate aim of this feature. If we go to a thorough solution for virtual local databases, local users of other databases ought to be completely invisible. I suppose that means that to a local user, pg_database would be a view showing only template[01] and the local database. pg_shadow, too, would show only global users and local users in the same database. I can't see how a group within a local database could contain users from other databases. In the context in which this is being used, each database belongs to a different customer; each database needs to be invisible to other customers. How then should it be possible to have group lists containing users from different local databases? Groups should be local as well as users. Perhaps I like complicating things too much... -- Oliver Elphick Oliver.Elphick@lfix.co.uk Isle of Wight, UK http://www.lfix.co.uk/oliver GPG: 1024D/3E1D0C1C: CA12 09E0 E8D5 8870 5839 932A 614D 4C34 3E1D 0C1C ======================================== "Use hospitality one to another without grudging." I Peter 4:9
В списке pgsql-hackers по дате отправления: