James Hall <James.Hall@RadioShack.com> writes:
> Hello,
>
> Running version 7.1, have the following entry in PG_HBA.CONF:
> ---
> Local all trust
> Host all 123.0.0.0 255.255.255.0
> password
> ---
>
> With that setting, anyone can login to the database [via our web based
> interface]
> WITHOUT a valid password. If I change local from trust to password then web
> based users have to enter their specific password to login to the database.
> But none of the backup scripts run because postgres needs a password.
>
> Is this a bug, or do I have a misunderstanding of the local use?
It sounds like you're running the webserver on the same machine as the
database. If this is true, and if you're not using Java (which
doesn't do local sockets) the client access library is probably using
a local (AF_UNIX) socket to connect, which triggers the "Local" entry
in pg_hba.conf.
If you explicitly tell the webserver to connect using an IP address,
it should come in via a TCP connection and trigger the "Host" line
that you have.
-Doug
