----- Original Message -----
From: Anthony E. Greene <agreene@pobox.com>
To: <pgsql-admin@postgresql.org>
Sent: Thursday, July 13, 2000 4:06 PM
Subject: Re: [ADMIN] users and passwords problem
> Denis Pugnere wrote:
> >
> > PG 7.0.2, RH Linux 6.2
> >
> > I'm trying to secure access to pgsql databases.
> > the politic I use is to only allow access databases with passwords.
> > (...)
> > Why this access is allowed ?
> > How to secure accesses to databases ?
>
> Have that "unauthorized" user try a SELECT and see what happens. They
> are allowed to connect, but not to retrieve any records.
Yes but they still can create new objects, e.g. "CREATE TABLE foo (id
serial, desc varchar(10));"
even if they aren't database owners. I think this is a known problem and
I've heard it will be
soon fixed.
Bye,
Jacopo
