Re: Explain auth/access/priv system?? - Mailing list pgsql-general

From Tom Lane
Subject Re: Explain auth/access/priv system??
Date
Msg-id 4560.959122295@sss.pgh.pa.us
Whole thread Raw
In response to Re: Explain auth/access/priv system??  (Philip Hallstrom <philip@adhesivemedia.com>)
List pgsql-general
Philip Hallstrom <philip@adhesivemedia.com> writes:
> Got it.  Thanks again.  So really that last entry in pg_hba.conf (the
> "local...all...trusted") is dangerous... can any user who can connect to a
> database also drop tables?

No, because there is table-level protection.  I think only the table
owner (creator) or the superuser can drop a table.  Other access rights
for a table are controlled by GRANT/REVOKE --- see the doc pages for
those commands for more info.  IIRC, the default is no access...

"local...all...trusted" is not a good idea on a machine where you don't
trust the other users, but that's because someone else can pretend to
be any authorized user (even the superuser!).  I'd at least suggest
"ident" authentication in that situation, maybe "password" if the need
to enter passwords isn't too much of a PITA.  You could also use
Kerberos if you have that installed.

            regards, tom lane

pgsql-general by date:

Previous
From: Philip Hallstrom
Date:
Subject: Re: Explain auth/access/priv system??
Next
From: Philip Hallstrom
Date:
Subject: TO_DATE and single digit months driving me nuts...