Dave, > Currently we TRUST local users so pretty much any user can access any > database > from the shell. > When PHP or Perl(DBI) accesses the postgres database, can they simply > specify > any userid and database set as a local user would, or are they > restricted to the > "host sameuser 0.0.0.0 0.0.0.0 password" setting in pg_hba.conf Anything running on the same machine, whether a shell, PHP, or Perl, is covered by the "trust" statement, unless you make the mistake of routing your connection through an external interface. However, I strongly reccommend against using "trust" on any public web server. -Josh Berkus
