Re: How to deny user changing his own password?
| От | nolan@celery.tssi.com |
|---|---|
| Тема | Re: How to deny user changing his own password? |
| Дата | |
| Msg-id | 20030529181801.3793.qmail@celery.tssi.com обсуждение |
| Ответ на | How to deny user changing his own password? ("adeon" <adeon@tlen.pl>) |
| Ответы |
Re: How to deny user changing his own password?
Re: How to deny user changing his own password? |
| Список | pgsql-general |
> This is the second worst possible reason I can imagine for a feature > like this. Passwords coded into the frontend ... gosh! Depending on the application, coding a password into the front end can be a necessary condition. Think of a PHP web page script that makes database calls. How are you going to prevent other unauthorized connections from that system? Passwords aren't a perfect security device, but they're generally better than no password. I could see some merit to a 'LOCK' option on the alter user command, so that the password can only be changed by a superuser. -- Mike Nolan
В списке pgsql-general по дате отправления: