docs about security

Started by Shannon Eric Peevey over 24 years ago, 3 messages, docs
#1 Shannon Eric Peevey
speeves@unt.edu

Hi!

I am resending a plea for some good security docs, or locations
thereof. I have been wrestling with security on Postgres for some
time, and have finally given up for a time. Is there a chance that
someone could write a good tutorial, or a chapter in a book, that can
explain the various aspects of security on Postgres.

The reason that I am asking, is because I have been trying to see if
Postgres would/could be a replacement for our 30+ databases(access +
sql server). From the understanding that I get from what I read it
doesn't look like I can do the security scheme that I want. (I have
great respect for all of you who are working on a great product, but
as of now, I can't wrap my brain around your security scheme...:( )

Thanks for letting me vent,

Speeves

#2 Bruce Momjian
bruce@momjian.us
In reply to: Shannon Eric Peevey (#1)
Re: docs about security

> Hi!
>
> I am resending a plea for some good security docs, or locations
> thereof. I have been wrestling with security on Postgres for some
> time, and have finally given up for a time. Is there a chance that
> someone could write a good tutorial, or a chapter in a book, that can
> explain the various aspects of security on Postgres.
>
> The reason that I am asking, is because I have been trying to see if
> Postgres would/could be a replacement for our 30+ databases(access +
> sql server). From the understanding that I get from what I read it
> doesn't look like I can do the security scheme that I want. (I have
> great respect for all of you who are working on a great product, but
> as of now, I can't wrap my brain around your security scheme...:( )

Well, my book does cover it a little:

http://www.postgresql.org/docs/awbook.html

There is table-level security (GRANT), view-level security, and
database/host access security.

Tell us what you want to do and we can tell you if you can do it with
PostgreSQL.

-- 
  Bruce Momjian                        |  http://candle.pha.pa.us
  pgman@candle.pha.pa.us               |  (610) 853-3000
  +  If your life is a hard drive,     |  830 Blythe Avenue
  +  Christ can be your backup.        |  Drexel Hill, Pennsylvania 19026

#3 Shannon Eric Peevey
speeves@unt.edu
In reply to: Shannon Eric Peevey (#1)
Re: docs about security

> speeves@unt.edu (speeves) wrote in message news:<d6351bca.0110171022.1cce600@posting.google.com>...
>
> > Hi!
> >
> > I am resending a plea for some good security docs, or locations
> > thereof. I have been wrestling with security on Postgres for some
> > time, and have finally given up for a time. Is there a chance that
> > someone could write a good tutorial, or a chapter in a book, that can
> > explain the various aspects of security on Postgres.
> >
> > The reason that I am asking, is because I have been trying to see if
> > Postgres would/could be a replacement for our 30+ databases(access +
> > sql server). From the understanding that I get from what I read it
> > doesn't look like I can do the security scheme that I want. (I have
> > great respect for all of you who are working on a great product, but
> > as of now, I can't wrap my brain around your security scheme...:( )
> >
> > Thanks for letting me vent,
> >
> > Speeves
>
> Well, my book does cover it a little:
>
> http://www.postgresql.org/docs/awbook.html
>
> There is table-level security (GRANT), view-level security, and
> database/host access security.
>
> Tell us what you want to do and we can tell you if you can do it with
> PostgreSQL.
>
> --
> Bruce Momjian                        |  http://candle.pha.pa.us
> pgman@candle.pha.pa.us               |  (610) 853-3000
> +  If your life is a hard drive,     |  830 Blythe Avenue
> +  Christ can be your backup.        |  Drexel Hill, Pennsylvania 19026

Thanks for the quick reply!:)

What I am trying to do is (for example) prepare a test setup for a
class. I have set up the pg_hba.conf file as:

host test1 123.456.789.45 255.255.255.255 password test1

(I am just using password, cause I want to understand what is going on
before I start messing with crypt and the other aspects of
authentication.)

The database resides on:

123.456.785.56

I have set up a password file using pg_passwd and set it in $PGDATA and
have tested it locally. (Except the pg_hba.conf file has:

(local computer w/ db)
host all 123.456.789.56 255.255.255.255 password test (test file
contains superuser, test1 doesn't)

When I sit at remote computer (123.456.789.45) I try to login to test1
db and it works but... I need to log-in the first time as a
super-user to allow it to update some server side information. Is
this a security default? Is there a way around it? If I have a class
of 10 people with 10 different db's, it's a pain to have to login as a
superuser to all of the db's. Esp. if they are only going to use it
one time. On a larger scale, am I going to have to sit at (ie) 5000
computers around campus to update the server side stuff for every new
dsn that is created? Or, is it that I can login once as superuser to
every db that is created and it will allow simple users to access the
db ever-after? (Still a pain...) (Oh, I am using PgAdmin on windows
machines for clients, and postgresql is running on a linux box.)

The next question is... Can I allow access to multiple dbs on one
line, such as:

host test1,test 123.456.789.45 255.255.255.255 password test1 (test1
contains username blah only)

Can I do it on multiple lines in the conf file? When doing this for a
large organization, this seems like an administrative behemoth... I
guess some sort of web interface would make it easier for the end-user
that needs to create db's...?

Is it possible to create containers so that multiple departments can
have a superuser that can create db's in their container, but not in
someone else's container? (We're talking about possibly 100's of
departments inside about 10 colleges and administrative offices.)

From what I see now, a superuser can create db's any and everywhere on
the server...

I had some others, but am unable to remember them.

Again, thanks for your help! (And by the way, I enjoyed your book:) )

--
Shannon Peevey
Central Web Support
UNT-Computing Center
speeves@unt.edu
940-369-8876
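
An added example, not part of the original post or of PostgreSQL itself: a small Python checker for `host` lines in the field layout shown in the message above, reporting which line a (database, client address) pair matches and which lines use the cleartext `password` method. The 192.0.2.x addresses, the sample file contents and the reading of the database field as a single name or `all` are assumptions; whether a given PostgreSQL release accepts a list of databases on one line is not settled in this thread.

```python
import ipaddress

# Constructed sample in the field layout used in the post:
#   host DBNAME IP_ADDRESS ADDRESS_MASK AUTHTYPE [AUTH_ARGUMENT]
# Addresses come from the 192.0.2.0/24 documentation range (assumption).
SAMPLE_HBA = """\
# classroom client: one line per database it may reach
host test1 192.0.2.45 255.255.255.255 password test1
host test  192.0.2.45 255.255.255.255 password test1
# the database server itself may reach every database
host all   192.0.2.56 255.255.255.255 password test
"""

def parse_hba(text):
    """Return the host records in file order, skipping blanks and comments."""
    records = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()
        if not fields or fields[0] != "host":
            continue
        if len(fields) not in (5, 6):
            raise ValueError(f"line {lineno}: expected 5 or 6 fields")
        _, database, addr, mask, method, *arg = fields
        records.append({
            "line": lineno,
            "database": database,
            # strict=False tolerates host bits set under a wider mask
            "network": ipaddress.ip_network(f"{addr}/{mask}", strict=False),
            "method": method,
            "auth_arg": arg[0] if arg else None,
        })
    return records

def match(records, database, client_ip):
    """First record covering this database and client wins; None means rejected."""
    client = ipaddress.ip_address(client_ip)
    for rec in records:
        if rec["database"] in (database, "all") and client in rec["network"]:
            return rec
    return None

def cleartext_lines(records):
    """Line numbers using 'password', which sends the password unencrypted."""
    return [rec["line"] for rec in records if rec["method"] == "password"]

if __name__ == "__main__":
    recs = parse_hba(SAMPLE_HBA)
    for db, ip in [("test1", "192.0.2.45"), ("other", "192.0.2.45")]:
        hit = match(recs, db, ip)
        print(db, ip, "->", f"line {hit['line']}" if hit else "rejected")
    print("cleartext password lines:", cleartext_lines(recs))
```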