Re: [GENERAL] ROLE INHERIT

2007-02-16 Thread Kenneth Downs
Tom Lane wrote: Kenneth Downs <[EMAIL PROTECTED]> writes: Except for the hole. On a public site that lets users register, we have to have a way to let the web server assume the role of somebody who has createuser privilege, and that's pretty much the end of the no-root policy. If an exploi

Re: [GENERAL] ROLE INHERIT

2007-02-16 Thread Tom Lane
Kenneth Downs <[EMAIL PROTECTED]> writes: > Except for the hole. On a public site that lets users register, we have > to have a way to let the web server assume the role of somebody who has > createuser privilege, and that's pretty much the end of the no-root > policy. If an exploit could be pl

Re: [GENERAL] ROLE INHERIT

2007-02-16 Thread Stephen Frost
* Kenneth Downs ([EMAIL PROTECTED]) wrote: > We use real database users in our systems, we don't connect in with an > over-endowed user and then arbitrate security in client code. > Therefore, we depend entirely upon the server's ability to enforce security. We do the same thing. :) > The pra

Re: [GENERAL] ROLE INHERIT

2007-02-15 Thread David Legault
Well basically, I was planning on building my user accounts directly using the postgres user/group policy and get away from the model superuser always connects to the DB. I kind of think it defeats the purpose of inheritance of attributes if you can't inherit from all attributes of a certain grou

Re: [GENERAL] ROLE INHERIT

2007-02-15 Thread Kenneth Downs
Tom Lane wrote: "David Legault" <[EMAIL PROTECTED]> writes: I thought it would transfer that CREATEROLE privilege too. I've been dying to get 2 cents in on this. Tell me if this suggestion makes any sense. We use real database users in our systems, we don't connect in with an

Re: [GENERAL] ROLE INHERIT

2007-02-15 Thread Tom Lane
"David Legault" <[EMAIL PROTECTED]> writes: > I thought it would transfer that CREATEROLE privilege too. This is documented someplace ... ah, under CREATE ROLE: : The INHERIT attribute governs inheritance of grantable privileges (that : is, access privileges for database objects and role membersh

Re: [GENERAL] ROLE INHERIT

2007-02-15 Thread David Legault
The docs should probably be more clear about this because you can do: GRANT *role* [, ...] TO *username* [, ...] [ WITH ADMIN OPTION ] GRANT on Roles This variant of the GRANT command grants membership in a role to one or more other roles. Membership in a role is significant because it conveys

Re: [GENERAL] ROLE INHERIT

2007-02-15 Thread Alvaro Herrera
David Legault wrote: > Hello, > > I'm a bit new to Postgre, and I'm experimenting with the roles stuff. > > I want to know why if I create a role called "administrator" (a group > basically, no login) : > > CREATE ROLE administrator NOSUPERUSER INHERIT NOCREATEDB CREATEROLE; > > And then cre

Re: [GENERAL] ROLE INHERIT

2007-02-15 Thread Paul Lambert
David Legault wrote: Hello, I'm a bit new to Postgre, and I'm experimenting with the roles stuff. I want to know why if I create a role called "administrator" (a group basically, no login) : CREATE ROLE administrator NOSUPERUSER INHERIT NOCREATEDB CREATEROLE; And then create a user CREATE