Re: Creating a role with read only privileges but user is allowed to change password

On 12/05/14 06:09, Adrian Klaver wrote:
On 05/11/2014 10:17 AM, Ravi Roy wrote:
Thanks a lot Tom, it worked by turning the read-only mode off
before changing the password and turning it on again.

SET default_transaction_read_only = off;

Worked for me..

It works but the point Tom was making is here:

"You realize, I hope, that breaking out of that restriction is no harder
than issuing

SET default_transaction_read_only = off;

or even

BEGIN TRANSACTION READ WRITE;

So that ALTER ROLE might be of some use as a protection against accidental
changes, but it's certainly no form of security restriction.  (What you
probably want to do instead of this is make sure the role doesn't have
select/update/delete privileges for any of your tables.)
"

Given that in your original post you said:

"Because I wanted this role to readonly (can not change anything in DB but only view)."


you might want to rethink what you are doing.


Many thanks to you!

Regards
Ravi

I suggest that you move the password to a separate table (my_role_password) with 2 columns:
  1. my_role_id
  2. password.
This way you can make the my_role table totally unalterable by the user, yet they can change their own password.

Actually, you should NOT be storing passwords in plain text; they should be stored as a secure hash (better than MD5).



Cheers,
Gavin
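
Tom's suggestion from the quoted reply (restrict privileges rather than rely on `default_transaction_read_only`), written out as an added example that is not part of the original thread. The names `report_ro`, `appdb`, `app_owner` and the use of the `public` schema are assumptions for illustration.

```sql
-- Run as a superuser or the owner of the objects. Hypothetical names:
-- role report_ro, database appdb, schema public, table owner app_owner.
CREATE ROLE report_ro LOGIN NOSUPERUSER NOCREATEDB NOCREATEROLE;

-- Weak: this is only a session default. report_ro can undo it at any time with
--   SET default_transaction_read_only = off;
--   BEGIN TRANSACTION READ WRITE;
ALTER ROLE report_ro SET default_transaction_read_only = on;

-- Enforced: drop that default and rely on privileges instead.
ALTER ROLE report_ro RESET default_transaction_read_only;

GRANT CONNECT ON DATABASE appdb TO report_ro;
-- Before PostgreSQL 15, PUBLIC can create objects in schema public by default.
REVOKE CREATE ON SCHEMA public FROM PUBLIC;
GRANT USAGE ON SCHEMA public TO report_ro;

-- Start from nothing on existing tables, then allow reads only.
REVOKE ALL ON ALL TABLES IN SCHEMA public FROM report_ro;
GRANT SELECT ON ALL TABLES IN SCHEMA public TO report_ro;

-- Tables created later by app_owner become readable too, still without write rights.
ALTER DEFAULT PRIVILEGES FOR ROLE app_owner IN SCHEMA public
    GRANT SELECT ON TABLES TO report_ro;

-- Check: lists tables report_ro can still modify, including rights inherited
-- through PUBLIC or role membership. It should return no rows.
SELECT c.oid::regclass AS writable_table
FROM pg_class c
JOIN pg_namespace n ON n.oid = c.relnamespace
WHERE n.nspname = 'public'
  AND c.relkind = 'r'
  AND has_table_privilege('report_ro', c.oid, 'INSERT, UPDATE, DELETE, TRUNCATE');

-- In report_ro's own session: an ordinary role may change its own password.
-- No read-only toggle is involved, and writes to tables still fail on privileges.
ALTER ROLE report_ro PASSWORD 'placeholder-new-password';
```

`ALTER ROLE ... PASSWORD` sends the password inside the statement, where it can end up in client history or the server log; psql's `\password` command avoids that.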
