RE: [ADMIN] RE: Security Question

Wed, 22 Dec 1999 01:26:08 -0800 

The workaround I use is via the pg_hba.conf file : my users connect remotely from 
various locations. Each location is granted for one DB only :

host    the_db       123.45.67.89    255.255.255.255 password

This way, the problem is reversed : everyone can connect to "the_db", from the 
"123.45.67.89" host. In practice, "123.45.67.89" is the address of an Internet 
gateway, so only the registered users for "the_db" can use it.
The problem to solve is still : how to protect a DB from users, independently of 
locations. It can be done via the pg_hba.conf file, but it will rely on the 
administrator (there can be large holes). The best way is to grant/revoke on databases.

Nicolas Huillard

-----Message d'origine-----
De:     Tim Perdue [SMTP:[EMAIL PROTECTED]]
Date:   mercredi 22 d�cembre 1999 02:37
�:      [EMAIL PROTECTED]
Objet:  [ADMIN] RE: Security Question

This message was sent from Geocrawler.com by "Tim Perdue" <[EMAIL PROTECTED]>
Be sure to reply to that address.

I've never seen an answer posted to these
questions on the mailing list and there's no
mention in the docs AFAICT.

There's got to be a way to create multiple
databases and have each one protected by a
different username/password. Right now, any
authorized user can connect to any database. Grant
only works on tables, which is not useful in this
case (grant against a DB would be useful).

Could someone reply to me and copy the list for
posterity??

Tim
[EMAIL PROTECTED]


-------------------------------------


Okay, here`s my question for the week...

            I have a server that I want to run
with multiple client databases, each
            one password protected...but how do I
get it so that userA can`t connect
            to userB`s database, or vice versa?

            I know I can grant/revoke on the
tables, but how do I grant/revoke on the
            database`s themselves?

            For instance, i don`t want someone to
be able to connect to their
            database, and then do a connect <userB
database> ... 

            Is this currently possible?  Or do we
not have that level of granularity
            yet?

            Marc G. Fournier                  
ICQ#7615664               IRC Nick: Scrappy
            Systems Administrator @ hub.org 
            primary: [EMAIL PROTECTED]          
secondary: scrappy@{freebsd|postgresql}.org 

Geocrawler.com - The Knowledge Archive

************



************

Reply via email to