RE: User administration tool

Поиск
Список
Период
Сортировка
От Peter Eisentraut
Тема RE: User administration tool
Дата
Msg-id Pine.LNX.4.30.0103301726210.1063-100000@peter.localdomain
обсуждение исходный текст
Ответ на RE: User administration tool  (Matthew <matt@ctlno.com>)
Список pgsql-hackers
Matthew writes:

>     semi related to this, I have always thought that the way postgresql
> handles the deletion of users and groups to be flawed.  If I create a user,
> grant permissions on a table and then drop the user, permissions now exist
> on that table for a user that does not exist.

Unfortunately it is not possible to prevent this with anything approaching
ease, in the same way that userdel on Unix can't scan all file systems for
some to-be-stale files before removing users.

> I see this as a possible security flaw since a new user can then be
> created with the user id of the ID user and have all the permissions
> that might have ever been assigned to that old user.

This will be fixed in 7.2 when Oids will be used as user ids.  Of course
Oids can wrap, but that's another days project...

-- 
Peter Eisentraut      peter_e@gmx.net       http://yi.org/peter-e/



В списке pgsql-hackers по дате отправления:

Предыдущее
От: Igmar Palsenberg
Дата:
Сообщение: client notification of AbortTransaction()
Следующее
От: "Jim Buttafuoco"
Дата:
Сообщение: Re: Problem with group by in conjuction with Views