CHAPTER 29 SECURING POSTGRESQL

    # Allow any client with IP address 192.168.76.x to connect to the
    # "warehouse" database as user "reports" as long as a password is
    # given
    # TYPE  DATABASE          USER       CIDR-ADDRESS      METHOD
    host    warehouse         reports    192.168.76.0/24   password

    # Allow user "rob" from host 192.168.21.12 to connect to database
    # "template1" if the user's password is correctly supplied.
    #
    # TYPE  DATABASE          USER       CIDR-ADDRESS      METHOD
    host    template1         rob        192.168.21.12/32  md5

    # Allow any IP address on the Internet to connect to
    # either the bpsimple or bpfinal databases, provided that the user can
    # pass an ident check for being either rick or neil
    # TYPE  DATABASE          USER       CIDR-ADDRESS      METHOD
    host    bpsimple,bpfinal  rick,neil  0.0.0.0/0         ident

The pg_class Table

Once a user has authenticated through the pg_hba.conf file, the next step of the connection is to determine whether the user is authorized to execute a given query. This duty falls primarily on information found in the pg_class table. The pg_class table contains a wide array of information about most of the different table-like objects in a PostgreSQL database, including tables, views, and indexes, but for the purposes of securing your database, the key column in this table is called relacl, which can be thought of as the relation's access control list.

The relacl column is rather cryptic at first glance, but its information can be deduced with a little direction. The relacl column's data type is an array of aclitems, which is quite different from any other column you might have seen. A typical relacl entry might look something like this:

    phppg=# SELECT relname, relacl FROM pg_class WHERE relname='pg_class';
     relname  |    relacl
    ----------+---------------
     pg_class | {=r/postgres}
    (1 row)

This means that the user postgres has granted read permissions on the table pg_class to PUBLIC.

But we are getting a little ahead of ourselves, so let's take a moment to break down the different types of permissions that are available to users and what their corresponding entries would be. The list of attributes you will find in the relacl column includes the following items:

a: Stands for append and represents INSERT privileges.

r: Stands for read and represents SELECT privileges.
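To make the relacl format concrete, here is an added example (not code from the book) that decodes relacl text into grantee, privileges and grantor, then lists any privilege other than SELECT that PUBLIC holds. It assumes simple unquoted role names; the sample rows other than the pg_class one are constructed, and the privilege letters beyond a and r come from the PostgreSQL documentation rather than this page.

```python
# Added example: decode the text form of a pg_class.relacl value.
# Letters other than a and r are taken from the PostgreSQL documentation.
PRIVS = {"r": "SELECT", "a": "INSERT", "w": "UPDATE", "d": "DELETE",
         "D": "TRUNCATE", "x": "REFERENCES", "t": "TRIGGER"}

# (relname, relacl) rows; the first is the page's example, the rest are constructed.
SAMPLE = [
    ("pg_class", "{=r/postgres}"),
    ("orders", "{postgres=arwdDxt/postgres,reports=r/postgres,=ar/postgres}"),
    ("audit_log", "{postgres=arwdDxt/postgres,rob=r*/postgres}"),
]

def parse_aclitem(item):
    """Split one 'grantee=privileges/grantor' entry into its parts."""
    grantee, eq, rest = item.partition("=")
    letters, slash, grantor = rest.rpartition("/")
    if not eq or not slash:
        raise ValueError(f"not an aclitem: {item!r}")
    privileges = []
    for ch in letters:
        if ch == "*" and privileges:
            # '*' marks the preceding privilege as held with grant option
            privileges[-1] = (privileges[-1][0], True)
        elif ch in PRIVS:
            privileges.append((PRIVS[ch], False))
        else:
            raise ValueError(f"unknown privilege {ch!r} in {item!r}")
    # An empty grantee is how PostgreSQL writes PUBLIC
    return {"grantee": grantee or "PUBLIC", "grantor": grantor,
            "privileges": privileges}

def parse_relacl(text):
    """Parse an array such as '{=r/postgres}'; None (SQL NULL) has no entries."""
    if text is None:
        return []
    if not (text.startswith("{") and text.endswith("}")):
        raise ValueError(f"not an array literal: {text!r}")
    return [parse_aclitem(i) for i in text[1:-1].split(",") if i]

def public_non_read(rows):
    """Return (relname, privilege) for each non-SELECT privilege PUBLIC holds."""
    findings = []
    for relname, relacl in rows:
        for entry in parse_relacl(relacl):
            if entry["grantee"] == "PUBLIC":
                findings += [(relname, p) for p, _ in entry["privileges"]
                             if p != "SELECT"]
    return findings

if __name__ == "__main__":
    for finding in public_non_read(SAMPLE):
        print(finding)
```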