Postgres Pro
Downloads
Home   >   mailing lists

Thread: Security, IP and username restrictions

Security, IP and username restrictions

From
"Tuomas Vanhanen"
Date:
Hi,

I´m very new to Postgres and I need some help with following:

Is it possible to restrict user rights by using both username and password
and IP address.

I have a situation where same user accessing the database from different
locations (IP addresses) must have different user rights. This means, that
same user in different locations would see different ammount of data. I know
I can build this easily to the web based front-end, but I´d like to make the
restriction in Postgres too.

thanks!

-Tuomas

Re: Security, IP and username restrictions

From
"Derek Barrett"
Date:
pg_hba.conf can restrict specific IP's to particular databases.

I don't know if it goes down to the table level though.


----- Original Message -----
From: "Tuomas Vanhanen" <Tuomas@TuomasVanhanen.com>
Date: Tue, 23 Jul 2002 17:35:24 +0300
To: <pgsql-novice@postgresql.org>
Subject: [NOVICE] Security, IP and username restrictions


> Hi,
>
> I´m very new to Postgres and I need some help with following:
>
> Is it possible to restrict user rights by using both username and password
> and IP address.
>
> I have a situation where same user accessing the database from different
> locations (IP addresses) must have different user rights. This means, that
> same user in different locations would see different ammount of data. I know
> I can build this easily to the web based front-end, but I´d like to make the
> restriction in Postgres too.
>
> thanks!
>
> -Tuomas
>
>
>
> ---------------------------(end of broadcast)---------------------------
> TIP 1: subscribe and unsubscribe commands go to majordomo@postgresql.org
>
>

--
_______________________________________________
Get your free email from http://www.graffiti.net

Powered by Outblaze

Re: Security, IP and username restrictions

From
Josh Berkus
Date:
Tuomas,

> I have a situation where same user accessing the database from different
> locations (IP addresses) must have different user rights. This means, that
> same user in different locations would see different ammount of data. I know
> I can build this easily to the web based front-end, but I´d like to make the
> restriction in Postgres too.

This is not currently implemented in Postgres.   Currently, pg_hba.conf
restricts IP address access, and user rights in the database define
individual table access.  These two security mechanisms do not interact.

As such, you will need to use a custom solution in either your front-end code,
or by using the PostgreSQL RULEs system to restrict access.

--
-Josh Berkus
 Aglio Database Solutions
 San Francisco