On Wed, 01 Jun 2005 11:39:22 -0400, tgl@xxxxxxxxxxxxx (Tom Lane) wrote: >> I have a database with a 'Guest' account, that will have limited >> access. I don't want any of my guests to change the Guest account >> password. > >Perhaps you should use something other than password authentication >for the guest account. Thanks for your reply Tom, I want anyone from anywhere to be able to connect to my_database (only my_database, not others in the cluster) using the guest account. The system is to be live on the Internet. Putting: host my_database guest 0.0.0.0 0.0.0.0 trust ahead of other entries in pg_hba.conf seems to do the trick. Even if guest is given a password, or it gets changed, guest can connect without being asked for it. The guest account will only be allowed select permissions. Does this open me to being attacked? I assume guest could then query various system tables, but that other users passwords are either not visible or securely encrypted. regards Richard ---------------------------(end of broadcast)--------------------------- TIP 7: don't forget to increase your free space map settings
