On Friday 26 March 2004 15:09, Tom Lane wrote:
> Sean Chittenden <sean@chittenden.org> writes:
> >
> > Agreed, but if a cluster is using LOCAL USERs, I doubt highly that
> > CLUSTER/GLOBAL users would be in use much beyond super users. -sc
>
> Exactly my point. I think that it might be possible for a
> locally-privileged DBA to give himself superuser privileges by skating
> on this confusion between who is whom. Once he creates a local user
> with the same name as the global superuser, the door is open to problems
> --- not only possible bugs in our own code, but plain old human error on
> the part of the real superuser.
Maybe it's me being slow, but are we not being over-complicated here? What's
wrong with saying "database D1 looks up users in local table, D2 in the
global table". If you are connected to D1, then no-one can see the global
userlist.
The global user "richard" cannot log into D1, and the local user "richard" can
log only into D1.
> In short, I say it's a bad idea with no redeeming social value. I can't
> see any positive use-case for having local usernames that conflict with
> global ones.
In a shared-hosting situation, I can see "local super-users" both wanting to
create users called (e.g.) "plone".
-- Richard Huxton Archonet Ltd