| From: | R D <mrk279(at)yahoo(dot)com> |
|---|---|
| To: | Peter Eisentraut <peter_e(at)gmx(dot)net> |
| Cc: | pgsql-admin(at)postgresql(dot)org |
| Subject: | few more securiry questions :-) |
| Date: | 2000-05-31 14:50:31 |
| Message-ID: | 20000531145031.24271.qmail@web206.mail.yahoo.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-admin |
Thanks! But this answers gave rise to some new
questions.
1.I think it will be good pgSQL to accept the
"GRANT ALL ON * TO SOMEUSER;" and
"REVOKE ALL ON * FROM SOMEUSER;" so are there
any plans in implementing this? Does anybody knows?
2.Why the authentication system is not integrated in
the system databases of pgSQL,like in MySQL for
example?
3.Are there any plans in making security system more
flexible?
regards:
Rumen
--- Peter Eisentraut <peter_e(at)gmx(dot)net> wrote:
> R D writes:
>
> > 1. How can I forbid to some users to create
> tables
> > in some databases which they can acccess.
>
> You can't. Working on that ...
>
> > 2. How can I GRANT/REJECT some privileges on all
> > objects in a database TO/FROM some users, since i
> > can't type "GRANT ALL ON * TO SOMEUSER;" in PgSQL.
> Is
> > there any functional analog?
>
> You can't internally. You can read the list of all
> tables from the
> pg_class system catalog and have your application
> issue the command GRANT
> x ON table1, table2, table3, ... TO y.
>
> > 3. How can I reject to some users connections to
> > some databases from any host using password
> > authentication?
>
> You can create a separate password file for the
> databases and only list
> the users you want in that password file. The syntax
> for this is
> `... password filename' in pg_hba.conf. See also the
> pg_passwd command for
> making password files.
>
> > 4. Why this pg_hba.conf does not alow uses from
> > 192.168.200.X to connect to the databases with
> message
> > telling that there was no entry for 192.168.200.x
> in
> > pg_hba.conf?
> > # pg_hba.conf
> >
> > local all trust
> > host all 0.0.0.0 0.0.0.0
> reject
> > host all 192.168.200.0 255.255.255.0
> password
>
> Because a mask of 0.0.0.0 matches every host, so the
> reject kicks in. The
> logic here is that
>
> ({host entry} XOR {actual host}) AND {mask entry}
>
> must be 0 for a record to match.
>
>
> --
> Peter Eisentraut Sernanders vg
> 10:115
> peter_e(at)gmx(dot)net 75262 Uppsala
> http://yi.org/peter-e/ Sweden
>
__________________________________________________
Do You Yahoo!?
Send instant messages & get email alerts with Yahoo! Messenger.
http://im.yahoo.com/
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Norbert Meissner | 2000-05-31 15:41:54 | Re: table size limit under Linux |
| Previous Message | Loïc TREGOUËT | 2000-05-31 13:13:14 | Re: pgaccess use wrong password |