| From: | Richard Hayward <richard(at)tortoise(dot)demon(dot)co(dot)uk> |
|---|---|
| To: | pgsql-general(at)postgresql(dot)org |
| Subject: | Re: prevent user change password? |
| Date: | 2005-06-04 21:00:06 |
| Message-ID: | t044a1p84blvil6iatpnn946bbphq79kgm@4ax.com |
| Lists: | pgsql-general |

On Wed, 01 Jun 2005 11:39:22 -0400, tgl(at)sss(dot)pgh(dot)pa(dot)us (Tom Lane)
wrote:
>> I have a database with a 'Guest' account, that will have limited
>> access. I don't want any of my guests to change the Guest account
>> password.
>
>Perhaps you should use something other than password authentication
>for the guest account.

Thanks for your reply Tom,

I want anyone from anywhere to be able to connect to my_database (only
my_database, not others in the cluster) using the guest account. The
system is to be live on the Internet.

Putting:

    host my_database guest 0.0.0.0 0.0.0.0 trust

ahead of other entries in pg_hba.conf seems to do the trick. Even if
guest is given a password, or it gets changed, guest can connect
without being asked for it.

The guest account will only be allowed select permissions.

Does this open me to being attacked? I assume guest could then query
various system tables, but that other users' passwords are either not
visible or securely encrypted.

regards
Richard
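
The message relies on pg_hba.conf using the first record that matches a connection, which is why the `trust` entry has to sit ahead of the others. The following is an added example, not part of the original message or of PostgreSQL: a small offline resolver that shows which method applies to a given connection and flags `trust` records open to every address. The second `md5` record, the user `alice` and the client address are constructed for illustration, and only literal names and the keyword `all` are handled.

```python
import ipaddress

# Constructed sample: the entry from the message, placed ahead of a
# hypothetical password-authenticated catch-all record.
SAMPLE_HBA = """\
# TYPE  DATABASE     USER   ADDRESS  MASK     METHOD
host    my_database  guest  0.0.0.0  0.0.0.0  trust
host    all          all    0.0.0.0  0.0.0.0  md5
"""

def parse_hba(text):
    """Parse 'host' records; accepts CIDR or the address + mask form."""
    rules = []
    for raw in text.splitlines():
        f = raw.split("#", 1)[0].split()
        if not f or f[0] != "host":
            continue
        if "/" in f[3]:
            net, method = f[3], f[4]
        else:
            net, method = f"{f[3]}/{f[4]}", f[5]
        rules.append({"db": f[1].split(","), "user": f[2].split(","),
                      "net": ipaddress.ip_network(net, strict=False),
                      "method": method})
    return rules

def _names_match(names, value):
    # Simplification: only literal names and the keyword "all" are handled.
    return "all" in names or value in names

def auth_method(rules, db, user, client_ip):
    """Method of the first matching record; None means connection rejected."""
    ip = ipaddress.ip_address(client_ip)
    for r in rules:
        if (_names_match(r["db"], db) and _names_match(r["user"], user)
                and ip.version == r["net"].version and ip in r["net"]):
            return r["method"]
    return None

def open_trust_rules(rules):
    """Records that admit every address of a family with no authentication."""
    return [r for r in rules if r["method"] == "trust" and r["net"].prefixlen == 0]

if __name__ == "__main__":
    rules = parse_hba(SAMPLE_HBA)
    print(auth_method(rules, "my_database", "guest", "203.0.113.7"))
    print(auth_method(rules, "my_database", "alice", "203.0.113.7"))
    print(len(open_trust_rules(rules)))
```

Running a check like `open_trust_rules` over a real pg_hba.conf during review makes any Internet-wide passwordless entry an explicit, visible decision.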