Thread: Problem in User Securities

Problem in User Securities

From
"shreedhar"
Date:
Hi all,
 
I went through pg_hba.conf, I tried to change 'local' and 'Host' permissions.
 
I gave permissions like
 
local all         password
host all x.x.x.x x.x.x.x password
 
if i tried to login using my database password i got an error like 'password authentication failed'.
 
can any body tell how can i set pg_hba.conf which will restrict either 'local' or 'host' not to enter with our giving password.
 
thanks alot.
 
with best regards,
S Baskar
On Mon, 2002-05-20 at 10:32, shreedhar wrote:
> Hello All,
>
> I am new to Postgres, While I was checking 'User Securities' in postgres I
> got the following problem.
>
> I created a user using 'createuser' command and gave superuser permissions.
>
> but while accessing database, even if we have not given   '-W' password
> option it is entering into database. So who knows Unix administrator
> password can enter into any database if they know corresponding login name
> and they work with the same permissions..
>
> And also i observed that even we can enter into template1 with out giving
> any username or password.
>
> I doubt there will be a way to restrict this.
>
> Can any body help me regarding this.
 
Look at $PGDATA/pg_hba.conf, which defines your access control.
 
--
Oliver Elphick                                Oliver.Elphick@lfix.co.uk
Isle of Wight                              http://www.lfix.co.uk/oliver
GPG: 1024D/3E1D0C1C: CA12 09E0 E8D5 8870 5839  932A 614D 4C34 3E1D 0C1C
 
     "For all that is in the world, the lust of the flesh,
      and the lust of the eyes, and the pride of life, is
      not of the Father, but is of the world."      
                             I John 2:17