Return-Path: postarch
Received: by postgres.Berkeley.EDU (5.61/1.29)
	id AA29382; Thu, 30 Apr 92 00:54:29 -0700
Message-Id: <9204300754.AA29382@postgres.Berkeley.EDU>
From: postarch (Postgres Mailing Archive)
Subject: Re: Who am I?
To: postgres@postgres.berkeley.edu
Sender: pg_adm@postgres.berkeley.edu
Reply-To: mer@postgres.berkeley.edu
In-Reply-To: Your message of "Sun, 26 Apr 92 19:59:08 PDT."
             <9204270259.AA15561@postgres.Berkeley.EDU> 
Date: Thu, 30 Apr 92 00:54:11 PDT

you write:
> When connecting to a backend via libpq from a remote host, who does the
> backend think I am? I want to define rules that disallow access to
> instances based on attributes of those instances, depending on the user
> trying to do the retrievals; thus, I need some way to know who the user
> performing the query is. The manual claims that pg_username() returns
> the user name of the "current user" (define rule man page), but what
> does that mean? Does libpq transmit the UID of the user? If the remote
> user's number UID is not one of the ones in the system catalogs (entered
> via createuser, I assume), then are libpq connections disallowed?

The backend gets the user's name as a character string in the start-up
packet from the front-end.  It will believe whatever the front-end tells
it.  pg_username() returns a pointer to this string.

We make a *feeble* attempt to lock out unauthorized users by looking in
pg_user for the user name, but it would be simplicity itself to fake the
system out.

> Also, is there a way to get rid of a rule? I don't want to start mucking
> about with thes and find I can't unmuck.

The commands you want are:

	remove instance rule <rulename>
	remove rewrite rule <rulename>

> Enquiring minds want to know...

Did you hear about the Elvis sighting?


Jeff Meredith
mer@postgres.berkeley.edu