My apologies if the answer(s) to my questions are obvious to others. I'm
still quite new to Linux and PostgreSQL.
I have set up a database to be used by hundreds of students. Within psql I
set GRANT SELECT ON database TO PUBLIC on the database but have found that
if I login as one of those students I can login as the database owner by
using
\connect database owner
I then used:
ALTER USER owner WITH PASSWORD 'password';
the database confirmed a change had been made. I had hoped that by
explicitly putting a password in for the owner that if I used the \connect
.... then I would be required to put a password in to connect as owner.
Unfortunately not.
Any suggestions as to how I might secure the database to SELECTS only.
Curerently I have not invoked password authentication on the database
itself. I'm currently using the default settings on pg_hba.conf and I'm
wondering if the problem can be handled by altering this?
Thanks in anticipation
Mike Withers
University of Western Sydney, Australia