| From: | Scott Marlowe <smarlowe(at)g2switchworks(dot)com> |
|---|---|
| To: | wim(dot)bertels(at)khleuven(dot)be |
| Cc: | pgsql-admin(at)postgresql(dot)org |
| Subject: | Re: alter user |
| Date: | 2005-09-23 15:32:28 |
| Message-ID: | 1127489548.30825.90.camel@state.g2switchworks.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-admin |
On Thu, 2005-09-22 at 19:32, Wim Bertels wrote:
> On Friday 23 September 2005 01:51, Scott Marlowe seinde rooksignalen:
> > Instead of using a general purpose account, why not give everyone an
> > account, then make them a member of a group, and give that group the
> > access.
> >
> > That way you can easily add / remove people from the group instead of
> > trying to do it this way.
>
> not an option, its for scripting and testing purposes
I don't see why my method(s) excludes scripting and testing.
> >
> > Otherwise, don't use a password, set the machine to use trust or ident or
> > something like that where a password wouldn't matter.
>
> although it is then a user/pasword known by a lot of people,
> it is still beter than no password
No, it really isn't. Once everyone (or a large enough subset of
everyone) knows the password, it's no better than an account that can
log in without one.
If it's a generic read only account with the same name as the database,
give it select only permission, and add a line like this:
host sameuser all 10.1.1.1 255.255.255.0 trust
where the 10.1.1.1 / 255.255.255.0 are replaced with the appropriate
mask to let your test machines log in. Put the host / md5 lines after
this one for the same line but with all in place of sameuser and you're
gold.
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Aldor | 2005-09-23 15:52:02 | Re: [ADMIN] COPY TO / COPY FROM |
| Previous Message | Scott Marlowe | 2005-09-23 15:23:44 | Re: Encrypted Disks |