Jason W. Strnad
jstrnad at mac.com
Thu May 8 14:59:07 MDT 2003
-----BEGIN PGP SIGNED MESSAGE-----
From the O'Reilly Practical PostgreSQL:
"Though any user may connect to a database, if they wish access to
objects within that database they must have those privileges explicitly
granted to them."
From my (admittedly limited) use of PostgreSQL I have understood this
statement to be correct. You can protect parts of a DB from users, but
any user who can connect to the DB server, can connect to any DB.
If I have this wrong please correct me.
- - -jasons
On Thursday, May 8, 2003, at 09:36 AM, Hugh Brown wrote:
> I am playing around with the version of postgres from rh9. they added
> new column to the pg_hba.conf file that allows you to specify
> users/groups that are allowed to connect.
> My question is this. I have a machine that will have multiple
> within the instance of postgres. new ones will be created to do
> development, etc.
> I have a particular database that I only want members of a certain
> to be able to access, but be able to allow anyone else to access any
> other database. I can't seem to find a way to do this.
> so far I have
> host specialdb +specialgroup ip netmask md5
> host specialdb +specialgroup 127.0.0.1 255.255.255.255 md5
> local specialdb +specialgroup md5
> host all all 127.0.0.1 255.255.255.255 md5
> local all all md5
> which keeps anyone not on the local machine off, but any user on the
> local machine can get to the specialdb regardless of their membership
> what I'd really like is a directive like:
> host specialdb !+specialgroup reject
> but there doesn't seem to be one. Anyone know how to be exclusive
> rather than inclusive (which is how the documentation says to do it)?
> Web Page: http://lug.boulder.co.us
> Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug
> Join us on IRC: lug.boulder.co.us port=6667 channel=#colug
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (Darwin)
-----END PGP SIGNATURE-----
More information about the LUG