Re: [HACKERS] Re: New pg_pwd patch and stuff
| От | Bruce Momjian |
|---|---|
| Тема | Re: [HACKERS] Re: New pg_pwd patch and stuff |
| Дата | |
| Msg-id | 199801201953.OAA06969@candle.pha.pa.us обсуждение |
| Ответ на | Re: [HACKERS] Re: New pg_pwd patch and stuff (todd brandys <brandys@eng3.hep.uiuc.edu>) |
| Список | pgsql-hackers |
> I agree that we should do the check for the 'World-readable' > pg_user and give a warning if someone attempts to assign a password. > I still think the admin should be given an option in the dbinit script to > choose whether or no to run the 'REVOKE'. At this point it would be easy > to inform the admin what the trade-offs are, and we will have his/her > undivided attention (They will be more apt to read about it to get past the > prompt.). > > These changes should not take long to make. I need to get the current > CVS version (I will do so tonight), and I should have the changes > (performed and tested) in a day or so. Sure, why not ask the admin. Saves him a step when he tries to do the first password. I just think we should also check when doing a password change, which makes sense. -- Bruce Momjian maillist@candle.pha.pa.us
В списке pgsql-hackers по дате отправления: