Thread: Another access control query

Hello,

Similar to other questions I've seen posed in the last day or so,
apologies if this exact question has been asked, I don't think it has.

I want to restrict access to a set of databases to connections from a
specific machine and a specific user.

Lines in my pg_hba.conf file are similar to this:

host db1 serverip netmask password

Effectively what I want to do is have something like:

host db1 username1 serverip netmask password
host db2 username2 serverip netmask password

thereby ensuring that it is not possible for user2 to connect to db1 from
the same machine.

I know I can set up the different db's so that table security only gives
any access to the user I want, but that is fiddly. Being able to do the
above and prevent connections to the database will resolve that issue.

Any ideas?

Regards,

Mark.
--
Mark Jewiss
Knowledge Matters Limited
http://www.knowledge.com
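
The per-user matching asked for above, sketched as an added example that is not part of any post in this thread and is not PostgreSQL code: a small evaluator for rule lines in the layout Mark proposes. The addresses, the first-match order and the reject-when-nothing-matches default are assumptions of the sketch.

```python
import ipaddress

# Constructed rules in the per-user layout proposed in the post:
#   host <database> <user> <address> <netmask> <auth-method>
# Addresses are documentation-range placeholders, not values from the thread.
PROPOSED_RULES = """\
# type  database  user       address      netmask          method
host    db1       username1  192.0.2.10   255.255.255.255  password
host    db2       username2  192.0.2.10   255.255.255.255  password
"""

def parse_rules(text):
    """Parse rule lines into dicts, skipping blank lines and # comments."""
    rules = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        if len(fields) != 6 or fields[0] != "host":
            raise ValueError(f"line {lineno}: expected 6 fields starting with 'host'")
        _, database, user, address, netmask, method = fields
        # strict=True rejects an address with bits set outside the netmask
        network = ipaddress.ip_network(f"{address}/{netmask}", strict=True)
        rules.append({"database": database, "user": user,
                      "network": network, "method": method})
    return rules

def decide(rules, database, user, client_ip):
    """Return the auth method of the first matching rule, or None (reject)."""
    ip = ipaddress.ip_address(client_ip)
    for rule in rules:
        if (rule["database"] == database and rule["user"] == user
                and ip in rule["network"]):
            return rule["method"]
    return None  # assumption: no matching record means the connection is refused

if __name__ == "__main__":
    rules = parse_rules(PROPOSED_RULES)
    attempts = [("db1", "username1", "192.0.2.10"),
                ("db1", "username2", "192.0.2.10"),   # same machine, wrong user
                ("db2", "username2", "192.0.2.10"),
                ("db1", "username1", "192.0.2.99")]   # right user, wrong machine
    for db, user, ip in attempts:
        print(f"{user}@{ip} -> {db}: {decide(rules, db, user, ip) or 'REJECT'}")
```
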

A lot of this has come up recently. Bruce, perhaps you can add a TODO like
this:
* Completely rethink authentication.

I have some ideas (think tcpd), but I have way too many ideas and too
little time these days :(

-Peter

On Thu, 14 Oct 1999, Mark Jewiss wrote:

> Hello,
>
> Similar to other questions I've seen posed in the last day or so,
> apologies if this exact question has been asked, I don't think it has.
>
> I want to restrict access to a set of databases to connections from a
> specific machine and a specific user.
>
> Lines in my pg_hba.conf file are similar to this:
>
> host db1 serverip netmask password
>
> Effectively what I want to do is have something like:
>
> host db1 username1 serverip netmask password
> host db2 username2 serverip netmask password
>
> thereby ensuring that it is not possible for user2 to connect to db1 from
> the same machine.
>
> I know I can set up the different db's so that table security only gives
> any access to the user I want, but that is fiddly. Being able to do the
> above and prevent connections to the database will resolve that issue.
>
> Any ideas?
>
> Regards,
>
> Mark.
>

--
Peter Eisentraut                  Sernanders vaeg 10:115
peter_e@gmx.net                   75262 Uppsala
http://yi.org/peter-e/            Sweden

> A lot of this has come up recently. Bruce, perhaps you can add a TODO like
> this:
> * Completely rethink authentication.
>
> I have some ideas (think tcpd), but I have way too many ideas and too
> little time these days :(
>

Kind of vague.

--
  Bruce Momjian                        |  http://www.op.net/~candle
  maillist@candle.pha.pa.us            |  (610) 853-3000
  +  If your life is a hard drive,     |  830 Blythe Avenue
  +  Christ can be your backup.        |  Drexel Hill, Pennsylvania 19026