readme index

README.md

@@ -1,5 +1,15 @@
+
 # PostgreSQL expiration date management functions
 
+## Table of Contents
+
+1. [TOC](README.md#postgresql-expiration-date-management-functions)
+	1. [Description](README.md#description)
+	2. [Instructions](README.md#instructions)
+	3. [Helper script](README.md#helper-script)
+	4. [RDS considerations](README.md#rds-considerations)
+	5. [Security considerations](README.md#security-considerations)
+
 ## Description
 
 This project tries to find a way to allow users the management of the `VALID UNTIL` expiration clause by themself.
@@ -78,8 +88,15 @@ There's a `passchanger_rds.sql` file which should be used instead of the normal
 
 For updates you should change the owner of the `change_valid_until` to the database _owner_:
 ```
-ALTER FUNCTION dba.change_my_password(text) OWNER TO _DATABASEOWNER;
+ALTER FUNCTION dba.change_valid_until(text) OWNER TO _DATABASEOWNER;
 ```
 Modify `_DATABASEOWNER` according your admin username...
 
 
+## Security considerations
+
+  * Non-RDS `change_valid_until` function does not uses `ALTER USER` to modify `VALID UNTIL`, it makes an `update pg_catalog.pg_authid set rolvaliduntil` instead, so the `dba` user has only grant over that table/column instead of granting additional permissions to him.
+  * RDS `change_valid_until` should run as the database owner, is the only way to make this work as you can't access `pg_catalog.pg_authid` on rds, it uses `ALTER USER ... VALID UNTIL` instead.
+
+
+