Re: docs about security - Mailing list pgsql-docs
From | speeves@unt.edu (speeves) |
---|---|
Subject | Re: docs about security |
Date | |
Msg-id | d6351bca.0110180814.2908ffd9@posting.google.com |
In response to | docs about security (speeves@unt.edu (speeves)) |
List | pgsql-docs |
speeves@unt.edu (speeves) wrote in message news:<d6351bca.0110171022.1cce600@posting.google.com>...
> Hi!
>
> I am resending a plea for some good security docs, or locations
> thereof. I have been wrestling with security on Postgres for some
> time, and have finally given up for a time. Is there a chance that
> someone could write a good tutorial, or a chapter in a book, that can
> explain the various aspects of security on Postgres.
>
> The reason that I am asking, is because I have been trying to see if
> Postgres would/could be a replacement for our 30+ databases (access +
> sql server). From the understanding that I get from what I read it
> doesn't look like I can do the security scheme that I want. (I have
> great respect for all of you who are working on a great product, but
> as of now, I can't wrap my brain around your security scheme...:( )
>
> Thanks for letting me vent,
>
> Speeves

> Well, my book does cover it a little:
>
> http://www.postgresql.org/docs/awbook.html
>
> There is table-level security (GRANT), view-level security, and
> database/host access security.
>
> Tell us what you want to do and we can tell you if you can do it with
> PostgreSQL.
>
> --
>   Bruce Momjian                        |  http://candle.pha.pa.us
>   pgman@candle.pha.pa.us               |  (610) 853-3000
>   +  If your life is a hard drive,     |  830 Blythe Avenue
>   +  Christ can be your backup.        |  Drexel Hill, Pennsylvania 19026

Thanks for the quick reply! :)

What I am trying to do is (for example) prepare a test setup for a class. I have set up the pg_hba.conf file as:

    host test1 123.456.789.45 255.255.255.255 password test1

(I am just using password, 'cause I want to understand what is going on before I start messing with crypt and the other aspects of authentication.)

The database resides on: 123.456.785.56

I have set up a password file using pg_passwd and set it in $PGDATA and have tested it locally.

(Except the pg_hba.conf file has:

(local computer w/ db)

    host all 123.456.789.56 255.255.255.255 password test

(test file contains superuser, test1 doesn't)

When I sit at the remote computer (123.456.789.45) I try to log in to the test1 db and it works but... I need to log in the first time as a superuser to allow it to update some server-side information. Is this a security default? Is there a way around it? If I have a class of 10 people with 10 different db's, it's a pain to have to log in as a superuser to all of the db's. Esp. if they are only going to use it one time.

On a larger scale, am I going to have to sit at (ie) 5000 computers around campus to update the server-side stuff for every new dsn that is created? Or, is it that I can log in once as superuser to every db that is created and it will allow simple users to access the db ever after? (Still a pain...)

(Oh, I am using PgAdmin on Windows machines for clients, and postgresql is running on a Linux box.)

The next question is... Can I allow access to multiple dbs on one line, such as:

    host test1,test 123.456.789.45 255.255.255.255 password test1

(test1 contains username blah only)

Can I do it on multiple lines in the conf file?

When doing this for a large organization, this seems like an administrative behemoth... I guess some sort of web interface would make it easier for the end-user that needs to create db's...?

Is it possible to create containers so that multiple departments can have a superuser that can create db's in their container, but not in someone else's container? (We're talking about possibly 100's of departments inside about 10 colleges and administrative offices.) From what I see now, a superuser can create db's any and everywhere on the server...

I had some others, but am unable to remember them. Again, thanks for your help! (And by the way, I enjoyed your book :) )

--
Shannon Peevey
Central Web Support
UNT-Computing Center
speeves@unt.edu
940-369-8876
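
For reference, an added example (not part of the original message and not PostgreSQL's own code) that models how `host` records in the layout used above are matched to an incoming connection. It assumes the field order `host DBNAME IP_ADDRESS ADDRESS_MASK AUTHTYPE [AUTH_ARGUMENT]` and first-match-wins evaluation; the 192.0.2.x addresses and the names `parse_hba`, `match` and `cleartext_records` are constructed for illustration.

```python
import ipaddress
from typing import NamedTuple, Optional

# Constructed sample in the record layout the message uses:
#   host DBNAME IP_ADDRESS ADDRESS_MASK AUTHTYPE [AUTH_ARGUMENT]
# 192.0.2.x addresses are constructed stand-ins for the message's placeholders.
SAMPLE_HBA = """\
# remote class workstation -> database test1, password file "test1"
host test1 192.0.2.45 255.255.255.255 password test1
# the database host itself -> every database, password file "test"
host all   192.0.2.56 255.255.255.255 password test
"""

class HostRecord(NamedTuple):
    lineno: int
    database: str
    network: ipaddress.IPv4Network
    method: str
    argument: Optional[str]

def parse_hba(text):
    """Parse 'host' records; skip blanks, comments and other record types."""
    records = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()
        if not fields or fields[0] != "host":
            continue
        if len(fields) not in (5, 6):
            raise ValueError(f"line {lineno}: expected 5 or 6 fields")
        net = ipaddress.ip_network(f"{fields[2]}/{fields[3]}", strict=False)
        records.append(HostRecord(lineno, fields[1], net, fields[4],
                                  fields[5] if len(fields) == 6 else None))
    return records

def match(records, database, client_ip):
    """First record covering (database, client_ip); None means no rule applies."""
    addr = ipaddress.ip_address(client_ip)
    for rec in records:  # assumption: first match wins, no fall-through
        if rec.database in ("all", database) and addr in rec.network:
            return rec
    return None

def cleartext_records(records):
    """Records whose 'password' method sends the password unencrypted."""
    return [r for r in records if r.method == "password"]
```

Running `match` for each client and database pair you expect to work, and for a few you expect to be refused, is a quick way to audit a rule file before reloading it.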