[Gnumed-devel] Re: Changes in "pg_hba.conf" between postgresql versions
From: Andreas Tille
Subject: [Gnumed-devel] Re: Changes in "pg_hba.conf" between postgresql versions 7.3.2 & 7.2.2
Date: Wed, 18 Jun 2003 11:13:36 +0200 (CEST)

On Tue, 17 Jun 2003, Michael Bonert wrote:
> Here they are side-by-side:
> -----
> Postgresql 7.3.2 (Mandrake 9.1)
> local all all trust
> host all all 127.0.0.1 255.255.255.255 trust
>
> -----
> Postgresql 7.2.2 (Mandrake 9.0)
> local all trust
> host all 127.0.0.1 255.255.255.255 trust

While I have no doubt that this works, I decided not to open all rights when
I built the GnuMed Debian packages.

At first I exclusively use sockets for the connection. This would leave just
the lines containing 'local' in the beginning. The lines starting with 'host'
can be removed.

Moreover I think allowing authentication TRUST for *all* databases is more
than we want and the number of users can also be reduced. The databases we
connect to are at first template1. This is done by the password method and
this leads to the line

    local template1 @gmTemplate1User.list password

(for PostgreSQL 7.3.* !! - no tests for 7.2 so far)

The syntax starting with @ for the user means that the users which are allowed
to connect are stored in a file $PGDATA/gmTemplate1User.list and thus I
have a file

    ~# cat /var/lib/postgres/data/gmTemplate1User.list
    gm-dbowner

on my box. Once the gnumed-test database is created the user gm-dbowner has
to connect also to this database. After some discussion with Karsten Hilbert
we found no better way than to use TRUST here. This leads to the line

    local gnumed-test @gmTemplate1User.list trust

which enables all users listed in /var/lib/postgres/data/gmTemplate1User.list
to access database gnumed-test from localhost.

In my opinion these settings are the most restrictive settings to get the
database bootstrapped.

If local users want to *access* the database we need a further line for
pg_hba.conf:

    local gnumed-test @gmGnumedUser.list password

    ~# cat /var/lib/postgres/data/gmGnumedUser.list
    gm-dbowner
    test-doc
    _test-doc

so all users who want to *run* GnuMed on localhost have to be listed in this
file to enable password authentication to gnumed-test for them. The settings
above are quite insecure in my opinion and so I would like you to try this.

Kind regards

Andreas.
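
Added example, not part of the original message or of the GnuMed packages: a simplified Python model of how PostgreSQL selects the first matching pg_hba.conf record, run over the 7.3-style lines quoted in the message. The USER_LISTS dict is a constructed stand-in for the $PGDATA list files, the user names "postgres" and "anyone" in a test call would be made up, and only local/host records, "all", plain names and @file lists are modeled.

```python
# Added example: simplified first-match evaluation of pg_hba.conf records
# (PostgreSQL 7.3 layout). Assumption: host records are taken to match any
# TCP client, since the quoted files only list 127.0.0.1.

# Constructed stand-ins for the $PGDATA user-list files quoted in the message.
USER_LISTS = {
    "gmTemplate1User.list": ["gm-dbowner"],
    "gmGnumedUser.list": ["gm-dbowner", "test-doc", "_test-doc"],
}

RESTRICTED = """\
local template1   @gmTemplate1User.list password
local gnumed-test @gmTemplate1User.list trust
local gnumed-test @gmGnumedUser.list    password
"""

PERMISSIVE = """\
local all all trust
host  all all 127.0.0.1 255.255.255.255 trust
"""

def parse(text):
    """Return a list of (conn_type, databases, users, method) tuples."""
    records = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if not fields:
            continue
        conn, dbs, users = fields[0], fields[1], fields[2]
        # local: type db user method; host: type db user addr mask method
        method = fields[3] if conn == "local" else fields[5]
        records.append((conn, dbs.split(","), users.split(","), method))
    return records

def user_matches(patterns, user):
    """True if the user is named directly, via 'all', or via an @file list."""
    for p in patterns:
        if p == "all" or p == user:
            return True
        if p.startswith("@") and user in USER_LISTS.get(p[1:], []):
            return True
    return False

def auth_method(text, conn, db, user):
    """Method of the first matching record, or None (connection rejected)."""
    for rconn, dbs, users, method in parse(text):
        if rconn == conn and ("all" in dbs or db in dbs) and user_matches(users, user):
            return method
    return None
```

Because the first matching record wins, gm-dbowner gets trust on gnumed-test from the second line and never reaches the later password line, while a user in neither list file is rejected outright.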