Marc G. Fournier wrote:
> I think that is the problem with everyone's "thinking" ... they are only
> dealing with 'small servers', where it only has a couple of databases ...
> I'm currently running a server with >100 domains on it, each one with *at
> least* one database ... each one of those domains, in reality, *could*
> have a user 'bruce' ...
>
> note that I run virtual machines ... so each one of those 'domains' has
> their own password files, so I can't say to 'client A' that 'client B'
> already has user 'bruce', so you can't use it, even though it's unique to
> your system ...
>
> And, I don't want to run 100 pgsql instances on the server, since either
> I'd have to have one helluva lot of RAM dedicated to PgSQL, or have little
> tiny shared memory segments available to each ...
>
> actually, let's add onto that ... let's say every one of those 100 pgsql
> databases is accessed by PHPPgAdmin, through the web ... so, with a
> 'common password' amongst all the various 'bruce's, I could, in theory, go
> to any other domain's PHPPgAdmin, login and see their databases (major
> security problem) ... the way it was before, I could set up a password file
> that contained a different password for each of those domains, so that
> bruce on domain 1 couldn't access domain 2's databases ... or vice versa
> ...
>
> I've CC'd this back into the list, mainly because I think others might be
> 'thinking within the box' on this :(

How hard would it be to do something like this:

1. Add a column called usedatid to pg_shadow. This would contain an array
   of database oids to which a user is bound. Use the value 0 to mean
   "all databases".

2. Remove unique index on usename (we always know which database a user is
   logging in to, don't we?). Change unique index on usesysid to be over
   both usesysid and usedatid.

3. Add sufficient grammar to support specifying a specific database when
   creating a user. Default to all databases for BC. Add ability to bind
   to additional databases in ALTER USER.

Just trying to think outside the box ;-)

Joe
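
A toy model of the lookup the proposal above implies, added here as an illustration (it is not PostgreSQL code and not part of the original message). The class, method names, passwords and database oids are constructed, and passwords are held in plain text for brevity. It also shows the overlap check that becomes necessary once usename alone is no longer unique.

```python
import hmac

ALL_DATABASES = 0  # the proposal's marker for "bound to every database"

class ShadowCatalog:
    """Toy stand-in for pg_shadow with the proposed usedatid column."""

    def __init__(self):
        self.rows = []         # (usesysid, usename, password, usedatid set)
        self.next_sysid = 100  # constructed starting id

    @staticmethod
    def _overlap(a, b):
        return ALL_DATABASES in a or ALL_DATABASES in b or bool(a & b)

    def create_user(self, usename, password, usedatid=(ALL_DATABASES,)):
        bound = frozenset(usedatid)
        # With the unique index on usename gone, a name may repeat only if
        # no database could resolve it to two different rows.
        for _, name, _, other in self.rows:
            if name == usename and self._overlap(bound, other):
                raise ValueError(f"{usename!r} overlaps an existing binding")
        sysid, self.next_sysid = self.next_sysid, self.next_sysid + 1
        self.rows.append((sysid, usename, password, bound))
        return sysid

    def authenticate(self, usename, password, datoid):
        # The login database is always known, so resolve on (name, database).
        for sysid, name, stored, bound in self.rows:
            if name == usename and (ALL_DATABASES in bound or datoid in bound):
                ok = hmac.compare_digest(stored.encode(), password.encode())
                return sysid if ok else None
        return None

def demo():
    cat = ShadowCatalog()
    d1, d2 = 16384, 16385  # constructed database oids for two domains
    b1 = cat.create_user("bruce", "pw-domain1", [d1])
    b2 = cat.create_user("bruce", "pw-domain2", [d2])
    try:
        cat.create_user("bruce", "pw-global")  # defaults to all databases
        clash = False
    except ValueError:
        clash = True
    return (cat.authenticate("bruce", "pw-domain1", d1) == b1,
            cat.authenticate("bruce", "pw-domain1", d2),  # wrong domain
            cat.authenticate("bruce", "pw-domain2", d2) == b2,
            clash)
```
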