Thread: Another access control query

Another access control query

From

Mark Jewiss

Date:

14 October 1999, 13:50:14

Hello,

Similar to other questions I've seen posed in the last day or so,
apologies if this exact question has been asked, I don't think it has.

I want to restrict access to a set of databases to connections from a
specfic machine and a specific user.

Lines in my pg_hba.conf file are similar to this:

host    db1    serverip    netmask    password

Effectively what I want to do is have something like:

host    db1    username1    serverip    netmask    password
host    db2    username2    serverip    netmask    password

thereby ensuring that it is not possible for user2 to connect to db1 from
the same machine.

I know I can set up the different db's so that table security only gives
any access to the user I want, but that is fiddly. Being able to do the
above and prevent connections to the database will resolve that issue.

Any ideas?

Regards,

Mark.
--
Mark Jewiss
Knowledge Matters Limited
http://www.knowledge.com

Re: [GENERAL] Another access control query

From

Peter Eisentraut

Date:

14 October 1999, 14:07:15

A lot of this has come up recently. Bruce, perhaps you can add a TODO like
this:
* Completely rethink authentication.

I have some ideas (think tcpd), but I have way too many ideas and too
little time these days :(

    -Peter


On Thu, 14 Oct 1999, Mark Jewiss wrote:

> Hello,
>
> Similar to other questions I've seen posed in the last day or so,
> apologies if this exact question has been asked, I don't think it has.
>
> I want to restrict access to a set of databases to connections from a
> specfic machine and a specific user.
>
> Lines in my pg_hba.conf file are similar to this:
>
> host    db1    serverip    netmask    password
>
> Effectively what I want to do is have something like:
>
> host    db1    username1    serverip    netmask    password
> host    db2    username2    serverip    netmask    password
>
> thereby ensuring that it is not possible for user2 to connect to db1 from
> the same machine.
>
> I know I can set up the different db's so that table security only gives
> any access to the user I want, but that is fiddly. Being able to do the
> above and prevent connections to the database will resolve that issue.
>
> Any ideas?
>
> Regards,
>
> Mark.
>

--
Peter Eisentraut                  Sernanders vaeg 10:115
peter_e@gmx.net                   75262 Uppsala
http://yi.org/peter-e/            Sweden

Re: [GENERAL] Another access control query

From

Bruce Momjian

Date:

14 October 1999, 17:13:17

> A lot of this has come up recently. Bruce, perhaps you can add a TODO like
> this:
> * Completely rethink authentication.
>
> I have some ideas (think tcpd), but I have way too many ideas and too
> little time these days :(
>

Kind of vague.

--
  Bruce Momjian                        |  http://www.op.net/~candle
  maillist@candle.pha.pa.us            |  (610) 853-3000
  +  If your life is a hard drive,     |  830 Blythe Avenue
  +  Christ can be your backup.        |  Drexel Hill, Pennsylvania 19026