| From: | The BOFH <TheBOFH(at)nc(dot)rr(dot)com> |
|---|---|
| To: | pgsql-general(at)postgresql(dot)org |
| Subject: | Question Two: DB access |
| Date: | 2001-04-18 20:15:00 |
| Message-ID: | 5.1.0.12.2.20010418160405.035f1ec8@mail.astrum.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
Since I'm used to the MySQL security paradigm/model, I'm having a little
difficulty understanding the security with pgsql.
I noticed that once a db is created, any user able to log in to the server
can create tables within a database. The docs indicate that I can create a
file containing username:[password] combos to allow only listed users
access to a database, but apparently it's a one file/one database scheme.
"To restrict the set of users that are allowed to connect to certain
databases, list the set of users in a separate file (one user name
per
line) in the same directory that pg_hba.conf is in, and mention
the (base)
name of the file after the password or crypt keyword,
respectively, in
pg_hba.conf. If you do not use this feature, then any user that is
known
to the database system can connect to any database (so long as he
passes password authentication, of course). "
If I want to allow users access to only their databases, do I create a
separate file for each database, and then include the allowed users in that
file? I'm really after by-database security, as opposed to by-table so it
doesn't appear that using groups would help.
The question then arises: Do I then need to add a separate line in
pg_hba.conf for each database under this kind of control?
Thanks
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Poul L. Christiansen | 2001-04-18 20:21:02 | Re: SSL |
| Previous Message | mgermoni | 2001-04-18 20:06:01 | loop on trigger |