On Fri, 2003-03-14 at 17:22, James Hall wrote:
> Running version 7.1, have the following entry in PG_HBA.CONF:
> ---
> Local all trust
> Host all 123.0.0.0 255.255.255.0
> password
> ---
>
> With that setting, anyone can login to the database [via our web based
> interface]
> WITHOUT a valid password. If I change local from trust to password then web
> based users have to enter their specific password to login to the database.
> But none of the backup scripts run because postgres needs a password.
>
> Is this a bug, or do I have a misunderstanding of the local use?
What is your web interface programmed in?
I have setup a tomcat user who can access the database. So only tomcat
and the postgres users can access the database. Users log into the
application, not the database in my case. I think that might be a better
security model.
Cheers
Tony Grant
--
www.tgds.net Library management software toolkit,
redhat linux on Sony Vaio C1XD,
Dreamweaver MX with Tomcat and PostgreSQL
