rolcanlogin vs. the flat password file
in [PgSql]
|
Prev: CREATE DATABASE cannot be executed from a function or multi-command string
Next: pgadmin debug on windows
From: Magnus Hagander on 17 Oct 2007 12:39 On Wed, Oct 17, 2007 at 05:09:25PM +0100, Dave Page wrote: > Stephen Frost wrote: > > * Tom Lane (tgl(a)sss.pgh.pa.us) wrote: > >> Heikki Linnakangas <heikki(a)enterprisedb.com> writes: > >>> There's legitimate use for creating a role with NOLOGIN and a password. > >> If we think that, then we shouldn't have a message at all. > > > > I'm not sure I agree with that. I don't agree that there's really a > > legitimate use for creating a role w/ NOLOGIN and a password either, for > > that matter. > > Preparing a new user account prior to an employee starting? In my last > post we would do that regularly - setup all the accounts etc for the new > user, but disable them all until the start date. Yeah, but did you actually set a password for them? We do that all the time here, but we don't set the passwords until they show up. //Magnus ---------------------------(end of broadcast)--------------------------- TIP 4: Have you searched our list archives? http://archives.postgresql.org
From: Magnus Hagander on 17 Oct 2007 12:41 On Wed, Oct 17, 2007 at 11:27:10AM -0400, Tom Lane wrote: > Heikki Linnakangas <heikki(a)enterprisedb.com> writes: > > There's legitimate use for creating a role with NOLOGIN and a password. > > If we think that, then we shouldn't have a message at all. At least if we think it's more than a very narrow legitimate use, compared to the number of ppl making the mistake. I agree with making it a NOTICE instead of WARNING though. //Magnus ---------------------------(end of broadcast)--------------------------- TIP 6: explain analyze is your friend
From: Dave Page on 17 Oct 2007 12:47 Magnus Hagander wrote: > On Wed, Oct 17, 2007 at 05:09:25PM +0100, Dave Page wrote: >> Stephen Frost wrote: >>> * Tom Lane (tgl(a)sss.pgh.pa.us) wrote: >>>> Heikki Linnakangas <heikki(a)enterprisedb.com> writes: >>>>> There's legitimate use for creating a role with NOLOGIN and a password. >>>> If we think that, then we shouldn't have a message at all. >>> I'm not sure I agree with that. I don't agree that there's really a >>> legitimate use for creating a role w/ NOLOGIN and a password either, for >>> that matter. >> Preparing a new user account prior to an employee starting? In my last >> post we would do that regularly - setup all the accounts etc for the new >> user, but disable them all until the start date. > > Yeah, but did you actually set a password for them? Yeah, then have them change them all during day 1 IT induction training. We had a much smaller team that I know you do, and the staff that would do the account setup would often be busy first thing on Monday morning when new starters might often arrive - so we would just 'flip the switch' on the pre-configured accounts. /D ---------------------------(end of broadcast)--------------------------- TIP 6: explain analyze is your friend
From: Magnus Hagander on 22 Oct 2007 14:53 Magnus Hagander wrote: > On Wed, Oct 17, 2007 at 11:27:10AM -0400, Tom Lane wrote: >> Heikki Linnakangas <heikki(a)enterprisedb.com> writes: >>> There's legitimate use for creating a role with NOLOGIN and a password. >> If we think that, then we shouldn't have a message at all. > > At least if we think it's more than a very narrow legitimate use, compared > to the number of ppl making the mistake. > > I agree with making it a NOTICE instead of WARNING though. Did we ever come to a conclusion on this or not? I've changed my patch per the suggestions in the thread, but I've held back on committing it to hear arguments... Go or no-go? //Magnus ---------------------------(end of broadcast)--------------------------- TIP 5: don't forget to increase your free space map settings
From: Tom Lane on 22 Oct 2007 17:05 Magnus Hagander <magnus(a)hagander.net> writes: > Heikki Linnakangas <heikki(a)enterprisedb.com> writes: >> At least if we think it's more than a very narrow legitimate use, compared >> to the number of ppl making the mistake. > Did we ever come to a conclusion on this or not? I've changed my patch > per the suggestions in the thread, but I've held back on committing it > to hear arguments... Go or no-go? I'm inclined to vote no-go on the message. AFAIR we've only heard the one complaint about this, so I'm not convinced there's a lot of people making such a mistake. We did make the logic change to deal with the underlying problem of a misleading error message after you'd done it, and I think that might be enough. regards, tom lane ---------------------------(end of broadcast)--------------------------- TIP 4: Have you searched our list archives? http://archives.postgresql.org
First
|
Prev
|
Next
|
Last
Pages: 1 2 3 4 5 Prev: CREATE DATABASE cannot be executed from a function or multi-command string Next: pgadmin debug on windows |