Philip Hallstrom <philip@adhesivemedia.com> writes:
> Got it. Thanks again. So really that last entry in pg_hba.conf (the
> "local...all...trusted") is dangerous... can any user who can connect to a
> database also drop tables?
No, because there is table-level protection. I think only the table
owner (creator) or the superuser can drop a table. Other access rights
for a table are controlled by GRANT/REVOKE --- see the doc pages for
those commands for more info. IIRC, the default is no access...
"local...all...trusted" is not a good idea on a machine where you don't
trust the other users, but that's because someone else can pretend to
be any authorized user (even the superuser!). I'd at least suggest
"ident" authentication in that situation, maybe "password" if the need
to enter passwords isn't too much of a PITA. You could also use
Kerberos if you have that installed.
regards, tom lane