Re: How to enable remote anoymous logins? (+ admin

On 2/27/06 12:58 PM, "kynn(at)panix(dot)com" <kynn(at)panix(dot)com> wrote:

>
>
> X-Original-To: kynn(at)panix(dot)com
> Date: Mon, 27 Feb 2006 10:34:22 -0500
> From: Sean Davis <sdavis2(at)mail(dot)nih(dot)gov>
> Thread-Topic: [NOVICE] How to enable remote anoymous logins? (+ admin
> books?)
> Thread-Index: AcY7s0gDhq1azaemEdqKXgANkzVl6A==
>
>
>
>
> On 2/27/06 10:21 AM, "kynn(at)panix(dot)com" <kynn(at)panix(dot)com> wrote:
>
>>
>>
>>
>> Hi. What must I do to enable remote anonymous logins to our
>> PostgreSQL server? What determines whether a password is required?
>> Is it possible to require that the password be the user's e-mail
>> address? Does the server keep record of all connections?
>>
>> (BTW, our server is version 8.0, and runs on Linux.)
>>
>> As you can see, I have many questions, too many in fact! I have not
>> had much luck finding good resources on *administering* a PostgreSQL
>> server. Are there any good books for this? Or other resources for
>> the novice dbadmin? I'm particularly interested in stuff on
>> administering PostgreSQL on Linux/Unix.
>
> If you haven't found the postgresql docs yet, they are here and are
> excellent.
>
> http://www.postgresql.org/docs/8.0
>
> See here for details on what you want to do:
>
> http://www.postgresql.org/docs/8.0/interactive/client-authentication.html
>
> Thanks!
>
> However, in short, you probably DO NOT want to make anonymous connections
> to
> your database in most cases. What is it that you are trying to do?
>
>
>
> I am trying go mimic the behavior of other DB servers I have used that
> allow me to connect, without requiring a password, with something
> like:
>
> % mysql -h ensembldb.ensembl.org -U anonymous

Ah, yes, good-ol ensembl.

> Granted, all the examples I know of are, like the one shown above,
> with MySQL servers, but I thought I'd be able to do the same thing
> with Postgres.

Yes. You can. Just create an anonymous user and set the auth type to
"trust" for all connections. If you do this, you need to make ABSOLUTELY
SURE that you have sufficiently limited the privileges of that user.

> Needless to say, my intention was to give the anonymous user minimal
> privileges (namely, read-only queries on a specific database).
>
> I suppose that even a user with minimal privileges could cause harm
> (e.g. by submitting a very computationally demanding request). Is
> this the reason for the advice against such connections, or is there
> something else?

That is the main reason in my mind. You might want to look at a web-based
abstraction layer (website) that allows common queries in a quick-and-easy
way and then create user accounts for your "power users" on an as-needed
basis. Look at ensmart, biomart, and the UCSC table browser for excellent
examples of these in genomics.

Sean