>
> Hi all,
>
> What about:
> grant select on pg_user to public;
> create rule pg_user_hide_pw as on
> select to pg_user.passwd
> do instead select '********' as passwd;
When I see this, the word 'genius' comes to mind. What a brilliantly
elegant solution to the problem.
>
> Then if I do:
> select * from pg_user;
> usename |usesysid|usecreatedb|usetrace|usesuper|usecatupd|passwd |valuntil
> --------+--------+-----------+--------+--------+---------+--------+---------
> -------------------
> postgres| 6|t |t |t |t |********|Sat Jan
> 31 07:00:00 2037 NFT
> zeus | 60|t |t |f |t |********|
> (2 rows)
>
> Also the \d works for all users !
>
> Only "disadvantage" is that noone can read passwd without first dropping the
> rule pg_user_hide_pw,
> I consider this a feature though ;-)
>
> Since the userauthentication bypasses the rewrite mechanism the logins,
> alter user .. and others do work !
>
> Can all of you try to crack this ?
>
> (c) Andreas Zeugswetter
>
> Copyright by Andreas Zeugswetter 1998 contributed to the postgresql project
> ;-)
> Wow, I am actually proud of this (so far, and hope it holds what I think it
> does)
>
>
>
--
Bruce Momjian
maillist@candle.pha.pa.us