On Tue, 2002-08-27 at 23:10, Tom Lane wrote: > Oliver Elphick <[EMAIL PROTECTED]> writes: > > This should cause no problem, because we have no > > cross-database communication; it should be impossible for "george@dummy" > > to have any connection with database "test". > > Not so; you need look no further than the owner column of pg_database > to find a case where people can see usernames that might be local to > other databases. Group membership lists might well contain users > from multiple databases, too.
I suspect I have a different view of the ultimate aim of this feature. If we go to a thorough solution for virtual local databases, local users of other databases ought to be completely invisible. I suppose that means that to a local user, pg_database would be a view showing only template[01] and the local database. pg_shadow, too, would show only global users and local users in the same database. I can't see how a group within a local database could contain users from other databases. In the context in which this is being used, each database belongs to a different customer; each database needs to be invisible to other customers. How then should it be possible to have group lists containing users from different local databases? Groups should be local as well as users. Perhaps I like complicating things too much... -- Oliver Elphick [EMAIL PROTECTED] Isle of Wight, UK http://www.lfix.co.uk/oliver GPG: 1024D/3E1D0C1C: CA12 09E0 E8D5 8870 5839 932A 614D 4C34 3E1D 0C1C ======================================== "Use hospitality one to another without grudging." I Peter 4:9 ---------------------------(end of broadcast)--------------------------- TIP 3: if posting/reading through Usenet, please send an appropriate subscribe-nomail command to [EMAIL PROTECTED] so that your message can get through to the mailing list cleanly
