Re: [HACKERS] pg_user

[Andrew Dunstan]

rfc 1925 (see http://www.faqs.org/rfcs/rfc1925.html ) states:

"With sufficient thrust, pigs fly just fine. However, this is not 
necessarily a good idea. It is hard to be sure where they are going to 
land, and it could be dangerous sitting under them as they fly overhead."

You can call it security if you like, but I call it trying to make a pig 
fly.

If you don't want your users to know about each other then put them on 
different clusters. Or if they need access to the same data then mediate 
access via a middle layer at the server end instead of allowing direct 
access to the database(s) - three layer models are very common for this 
and other reasons.

cheers

andrew

ivan wrote:

you can also patch your kernel and when you write cat /etc/passwd system
give you only your line , whitout any others users, so exacly what you
need ,
in pgsql i think that users dont need to know about others , and also
them
databases, i call it security :)
On Mon, 27 Oct 2003, Jan Wieck wrote:

 

ivan wrote:

   

hi

can we change initdb when view pg_user is createing to :

CREATE VIEW pg_user AS \
   SELECT \
       usename, \
       usesysid, \
       usecreatedb, \
       usesuper, \
       usecatupd, \
       '********'::text as passwd, \
       valuntil, \
       useconfig \
   FROM pg_shadow WHERE usename = SESSION_USER;
     

No, at least not without a complete proposal how to retain the current
behaviour of pg_tables, pg_views, psql's \d and other places that rely
on pg_user being able to display all users.
It's the same thing with your /etc/passwd. chmod o-rwx /etc/passwd will
hide the usernames but break many utilities. If you don't want someone
to know all the logins, don't give him one.
Jan

--
#======================================================================#
# It's easier to get forgiveness for being wrong than for being right. #
# Let's break this rule - forgive me.                                  #
#================================================== [EMAIL PROTECTED] #
   

---------------------------(end of broadcast)---------------------------
TIP 3: if posting/reading through Usenet, please send an appropriate
     subscribe-nomail command to [EMAIL PROTECTED] so that your
     message can get through to the mailing list cleanly
 



---------------------------(end of broadcast)---------------------------
TIP 3: if posting/reading through Usenet, please send an appropriate
     subscribe-nomail command to [EMAIL PROTECTED] so that your
     message can get through to the mailing list cleanly