Skip site navigation (1) Skip section navigation (2)

Re: docs about security

From: speeves(at)unt(dot)edu (speeves)
To: pgsql-docs(at)postgresql(dot)org
Subject: Re: docs about security
Date: 2001-10-18 16:14:57
Message-ID: (view raw, whole thread or download thread mbox)
Lists: pgsql-docs
speeves(at)unt(dot)edu (speeves) wrote in message news:<d6351bca(dot)0110171022(dot)1cce600(at)posting(dot)google(dot)com>...
> Hi!
> I am resending a plea for some good security docs, or locations
> thereof.  I have been wrestling with security on Postgres for some
> time, and have finally given up for a time.  Is there a chance that
> someone could write a good tutorial, or a chapter in a book, that can
> explain the various aspects of security on Postgres.
> The reason that I am asking, is because I have been trying to see if
> Postgres would/could be a replacement for our 30+ databases(access +
> sql server).  From the understanding that I get from what I read it
> doesn't look like I can do the security scheme that I want.  (I have
> great respect for all of you who are working on a great product, but
> as of now, I can't wrap my brain around your security scheme...:(  )
> Thanks for letting me vent,
> Speeves
> Well, my book does cover it a little:
> There is table-level security (GRANT), view-level security, and
> database/host access security.
> Tell us what you want to do and we can tell you if you can do it with
> PostgreSQL.
> --
>   Bruce Momjian                        |
>   pgman(at)candle(dot)pha(dot)pa(dot)us               |  (610) 853-3000
>   +  If your life is a hard drive,     |  830 Blythe Avenue
>   +  Christ can be your backup.        |  Drexel Hill, Pennsylvania 19026
Thanks for the quick reply!:)

What I am trying to do, is, (for example), prepare a test setup for a
class.  I have setup the pg_hba.conf file as :

host  test1	123.456.789.45 password test1

(I am just using password, cause I want to understand what is going on
before I start messing with crypt and the other aspects of

The database resides on:


I have setup a password file using pg_passwd and set it in $PGDATA and
have tested it locally.  (Except the pg_hba.conf file has:

(local computer w/ db)
host all	123.456.789.56 password test  (test file
contains superuser, test1 doesn't)

When I sit at remote computer (123.456.789.45) I try to login to test1
db and it works but...  I need to log-in the first time as a
super-user to allow it to update some server side information.  Is
this a security default?  Is there a way around it?  If I have a class
of 10 people with 10 different db's, it's a pain to have to login as a
superuser to all of the db's.  Esp. if they are only going to use it
one time. On a larger scale, am I going to have to sit at (ie) 5000
computers around campus to update the server side stuff for every new
dsn that is created?  Or, is it that I can login once as superuser to
every db that is created and it will allow simple users to access the
db ever-after?  (Still a pain...)  (Oh, I am using PgAdmin on windows
machines for clients, and postgresql is running on a linux box.)

The next question is...  Can I allow access to multiple dbs on one
line, such as:

host test1,test 123.456.789.45 password test1  (test1
contains username blah only)

Can I do it on multiple lines in the conf file?  When doing this for a
large organization, this seems like an administrative behemoth...  I
guess some sort of web interface would make it easier for the end-user
that needs to create db's...?

Is it possible to create containers so that multiple departments can
have a superuser that can create db's in their container, but not in
someone elses container?  (We're talking about possibly 100's of
departments inside about 10 colleges and administrative offices.) 
>From what I see now, a superuser can create db's any and everywhere on
the server...

I had some other's, but am unable to remember them.

Again, thanks for your help!  (And by the way, I enjoyed your book:) )

Shannon Peevey
Central Web Support
UNT-Computing Center

In response to

pgsql-docs by date

Next:From: Dave_PfaltzgraffDate: 2001-10-18 19:30:15
Subject: Suggestion ...
Previous:From: Bruce MomjianDate: 2001-10-18 14:51:20
Subject: Re: docs about security

Privacy Policy | About PostgreSQL
Copyright © 1996-2017 The PostgreSQL Global Development Group