On Wed, Mar 17, 2004 at 08:43:16AM -0500, Tom Allison wrote:

Tom, I'm new to this so can I ask for some clarification?

> login_usernames are associated with database usernames.  Means access to
> one means greater access to do damage.  Security issue.

You mean if user A creates a database then user B can access it
automatically?

If you want to give users their own database won't this help?

    # Type  Database  User  Type
    local   sameuser  all   ident sameuser

That limits access to their own database.  Then for web access use a host
entry and suexec (for cgi at least) so cgi apps will ident to that user.

> required ident which is not installed with postgresql and should be
> considered a bug.

IIRC you don't need to run ident for local access and still use "ident"
type of access.  Seems like a good default for new people using postgresql
on the same machine.

> Ident is also an open text password process and
> should be avoided.  Security issue and a Bug.

How is Ident a password issue?  It just says what user is connected to a
socket.

> It's far easier to manage and far saner to manage if you just added some
> lines to pg_hba.conf to the effect of:
>
> local all postgres trust

Doesn't that say that anyone can connect as postgres?  And therefore to any
database?

> local all all md5 (or trust or password)
> host all all 127.0.0.0/8 md5
> host all all 192.168.0.0/24 md5 ( I have an internal LAN )

So all that means that anyone with a postgres username and password can
connect to any database, right?

> >I wonder if there's an easier way than having to GRANT every
> >object -- like a global grant.
> >
> IIRC there is but you and I both have to RTFM a bit.
> I saw your name on the pgsql-novice list!  ;)

I have -- a few times -- but still seems like I'm doing it the hard way.
No response on the NOVICE list -- I thought it was a novice question --
perhaps the pg-general list might be more responsive.

--
Bill Moseley
[EMAIL PROTECTED]
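Added example (not part of the original message and not PostgreSQL's own code): a simplified Python model of first-match evaluation of pg_hba.conf records, run over the two rule sets quoted in the thread. The function names, the sample users and databases, and the reduced keyword support (only `all`, `sameuser`, `trust`, `md5` and `ident sameuser`) are assumptions made for illustration.

```python
import ipaddress

# Records copied from the thread: type, database, user, [CIDR for host], method.
BILL = "local  sameuser  all  ident sameuser"
TOM = """
local  all  postgres                  trust
local  all  all                       md5
host   all  all       127.0.0.0/8     md5
host   all  all       192.168.0.0/24  md5
"""

def parse(text):
    """Split each non-empty record into (type, database, user, network, method)."""
    rules = []
    for line in text.splitlines():
        f = line.split("#")[0].split()
        if not f:
            continue
        ctype, db, user, rest = f[0], f[1], f[2], f[3:]
        net = ipaddress.ip_network(rest.pop(0)) if ctype == "host" else None
        rules.append((ctype, db, user, net, " ".join(rest)))
    return rules

def decide(rules, ctype, db, user, addr=None, os_user=None):
    """Outcome of the first record matching type, database, user and address."""
    for rtype, rdb, ruser, net, method in rules:
        db_ok = rdb in ("all", db) or (rdb == "sameuser" and db == user)
        user_ok = ruser in ("all", user)
        if not (rtype == ctype and db_ok and user_ok and
                (net is None or ipaddress.ip_address(addr) in net)):
            continue
        # First match decides; later records are never consulted.
        if method == "trust":
            return "allow, no credential checked"
        if method == "ident sameuser":
            # Modelled as: OS user on the socket must equal the requested role.
            return "allow" if os_user == user else "reject: OS user differs"
        return "allow if password correct (%s)" % method
    return "reject: no matching record"

if __name__ == "__main__":
    # Constructed connection attempts; user and database names are hypothetical.
    print(decide(parse(TOM), "local", "sales", "postgres", os_user="mallory"))
    print(decide(parse(BILL), "local", "alice", "bob", os_user="bob"))
```

Real pg_hba.conf supports more record types and keywords than this model; it only shows how record order and the `trust` and `sameuser` keywords shape the outcome.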

