| From: | Bruce Momjian <pgman(at)candle(dot)pha(dot)pa(dot)us> |
|---|---|
| To: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
| Cc: | PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: Open 7.3 items |
| Date: | 2002-08-17 16:26:44 |
| Message-ID: | 200208171626.g7HGQiG04484@candle.pha.pa.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
OK, I think we are doing this backwards. Instead of adding '@' to
global users, and then removing it in the backend, why don't we have
local users end with '@', that way, global users continue to connect
just as they have before, and local users connect with @, so dave(at)db1
connects as 'dave@' and if he has other database access, he can use the
same 'dave@' name.
That removes some of the uglification, I think.
---------------------------------------------------------------------------
Tom Lane wrote:
> BTW, I just thought of a small improvement to your patch that eliminates
> some of the ugliness. Suppose that when we recognize an attempt to
> connect as a global user (ie, feature flag is on and last character of
> username is '@'), we strip off the '@' before proceeding. Then we would
> have:
> global users appear in pg_shadow as foo
> local users appear in pg_shadow as foo(at)db
> and what this would mean is that you can flip between feature-enabled
> and feature-disabled states without breaking your global logins. So you
> don't need the extra step of creating a "postgres@" before turning on
> the feature. (Which was pretty ugly anyway, since even though postgres@
> could be made a superuser, he wouldn't be the same user as postgres ---
> this affects table ownership, for example, and would be a serious issue
> if you wanted any non-superuser global users.)
>
> I suppose some might argue that having to say postgres@ to log in,
> when your username is really just postgres as far as you can see in the
> database, is a tad confusing. But the whole thing is an acknowledged
> wart anyway, and I think getting rid of the two problems mentioned above
> is worth it.
>
> Also, if we do this then it's important to strip a trailing '@' only
> if it's the *only* one in the given username. Else a local user
> 'foo(at)db1' could cheat to log into db2 by saying username = 'foo(at)db1@'
> with requested database db2. But I can't see any other security hole.
>
> regards, tom lane
>
--
Bruce Momjian | http://candle.pha.pa.us
pgman(at)candle(dot)pha(dot)pa(dot)us | (610) 359-1001
+ If your life is a hard drive, | 13 Roberts Road
+ Christ can be your backup. | Newtown Square, Pennsylvania 19073
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Marc G. Fournier | 2002-08-17 16:28:43 | Re: Removing Libraries (Was: Re: Open 7.3 issues) |
| Previous Message | Marc G. Fournier | 2002-08-17 16:25:34 | Re: Removing Libraries (Was: Re: Open 7.3 issues) |