SEO
vBulletin Search Engine Optimization
| |||||||
| Register | FAQ | Members List | Calendar | Search | Today's Posts | Mark Forums Read |
04-10-2008, 05:17 AM
| ||||
| ||||
 Re: alter user Instead of using a general purpose account, why not give everyone an account, then make them a member of a group, and give that group the access. That way you can easily add / remove people from the group instead of trying to do it this way. Otherwise, don't use a password, set the machine to use trust or ident or something like that where a password wouldn't matter. -----Original Message----- From: pgsql-admin-owner@postgresql.org on behalf of Wim Bertels Sent: Thu 9/22/2005 6:13 PM To: pgsql-admin@postgresql.org Subject: [ADMIN] alter user Ls, any user can change his own password, i haven't found a way of prohibiting this. what about a general user (eg test/test), that is used by many people, one of those people could use alter user (being connected as test/test) the change the password, leaving the rest clueless.. suggestions to prevent this?, i need a general (readonly) user! -- Wim Bertels      |
|
04-10-2008, 05:17 AM
| |||
| |||
| Re: alter user On Friday 23 September 2005 01:51, Scott Marlowe seinde rooksignalen: > Instead of using a general purpose account, why not give everyone an > account, then make them a member of a group, and give that group the > access. > > That way you can easily add / remove people from the group instead of > trying to do it this way. not an option, its for scripting and testing purposes > > Otherwise, don't use a password, set the machine to use trust or ident or > something like that where a password wouldn't matter. although it is then a user/pasword known by a lot of people, it is still beter than no password > > -----Original Message----- > From: pgsql-admin-owner@postgresql.org on behalf of Wim Bertels > Sent: Thu 9/22/2005 6:13 PM > To: pgsql-admin@postgresql.org > Subject: [ADMIN] alter user > > Ls, > > any user can change his own password, > i haven't found a way of prohibiting this. > what about a general user (eg test/test), that is used by many people, > one of those people could use alter user (being connected as test/test) the > change the password, leaving the rest clueless.. > > suggestions to prevent this?, i need a general (readonly) user! -- Wim Bertels -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (GNU/Linux) iD8DBQBDM006Fj4TNdVKYYsRAlGvAJ9GUm7Hudc8Fpd91zBDTF jZGS+xFgCfd0q2 xetcxhaMObOGuJoNNAm07S4= =hHEB -----END PGP SIGNATURE----- |
|
04-10-2008, 05:17 AM
| |||
| |||
| Re: alter user On Fri, Sep 23, 2005 at 02:32:51 +0200, Wim Bertels <wim.bertels@khleuven.be> wrote: > > > > Otherwise, don't use a password, set the machine to use trust or ident or > > something like that where a password wouldn't matter. > > although it is then a user/pasword known by a lot of people, > it is still beter than no password Why do you say that? Ident authentication is secure if you are on the same box as the postgers server. ---------------------------(end of broadcast)--------------------------- TIP 6: explain analyze is your friend |
|
04-10-2008, 05:17 AM
| |||
| |||
| Re: alter user Bruno Wolff III <bruno@wolff.to> writes: > Why do you say that? Ident authentication is secure if you are on the same > box as the postgers server. The real question is this: given that you don't believe in a personal password as authorization to use the database, what exactly *would* you like to believe in? We have a number of possible solutions available, but I don't know what to recommend ... regards, tom lane ---------------------------(end of broadcast)--------------------------- TIP 9: In versions below 8.0, the planner will ignore your desire to choose an index scan if your joining column's datatypes do not match |
|
04-10-2008, 05:17 AM
| ||||
| ||||
| Re: alter user On Thu, 2005-09-22 at 19:32, Wim Bertels wrote: > On Friday 23 September 2005 01:51, Scott Marlowe seinde rooksignalen: > > Instead of using a general purpose account, why not give everyone an > > account, then make them a member of a group, and give that group the > > access. > > > > That way you can easily add / remove people from the group instead of > > trying to do it this way. > > not an option, its for scripting and testing purposes I don't see why my method(s) excludes scripting and testing. > > > > Otherwise, don't use a password, set the machine to use trust or ident or > > something like that where a password wouldn't matter. > > although it is then a user/pasword known by a lot of people, > it is still beter than no password No, it really isn't. Once everyone (or a large enough subset of everyone) knows the password, it's no better than an account that can log in without one. If it's a generic read only account with the same name as the database, give it select only permission, and add a line like this: host sameuser all 10.1.1.1 255.255.255.0 trust where the 10.1.1.1 / 255.255.255.0 are replaced with the appropriate mask to let your test machines log in. Put the host / md5 lines after this one for the same line but with all in place of sameuser and you're gold. ---------------------------(end of broadcast)--------------------------- TIP 6: explain analyze is your friend |
Linear Mode
