Re: newbie question: ERROR: getattproperties: no attribute tuple 1259 -2
От | Larry Rosenman |
---|---|
Тема | Re: newbie question: ERROR: getattproperties: no attribute tuple 1259 -2 |
Дата | |
Msg-id | 20001028121933.A27315@lerami.lerctr.org обсуждение исходный текст |
Ответ на | Re: newbie question: ERROR: getattproperties: no attribute tuple 1259 -2 ("Robert Vogt IV" <vogt@arborhost.com>) |
Список | pgsql-general |
* Robert Vogt IV <vogt@arborhost.com> [001028 12:10]: [SNIP] > By the way- does anybody know of any resources related to securing > databases. We'd like to only allow certain users access to each database, > but cannot find the appropriate section in any of the documentation pages. Look at pg_hba.conf in your data directory. Here is mine from 7.0.2: # cat pg_hba.conf # # Example PostgreSQL host access control file. # # # This file controls what hosts are allowed to connect to what # databases # and specifies some options on how users on a particular host are # identified. # It is read each time a host tries to make a connection to a # database. # # Each line (terminated by a newline character) is a record. A record # cannot # be continued across two lines. # # There are 3 kinds of records: # # 1) comment: Starts with #. # # 2) empty: Contains nothing excepting spaces and tabs. # # 3) content: anything else. # # Unless specified otherwise, "record" from here on means a content # record. # # A record consists of tokens separated by spaces or tabs. Spaces and # tabs at the beginning and end of a record are ignored as are extra # spaces and tabs between two tokens. # # The first token in a record is the record type. The interpretation # of the # rest of the record depends on the record type. # # Record type "host" # ------------------ # # This record identifies a set of network hosts that are permitted to # connect # to databases. No network hosts are permitted to connect except as # specified # by a "host" record. See the record type "local" to specify # permitted # connections using UNIX sockets. # # Format: # # host DBNAME IP_ADDRESS ADDRESS_MASK USERAUTH [AUTH_ARGUMENT] # # DBNAME is the name of a PostgreSQL database, "all" to indicate all # databases, or "sameuser" to restrict a user's access to a database # with the same user name. # # IP_ADDRESS and ADDRESS_MASK are a standard dotted decimal IP address # and # mask to identify a set of hosts. These hosts are allowed to connect # to # Database DBNAME. # # USERAUTH is a keyword indicating the method used to authenticate the # user, i.e. to determine that the principal is authorized to connect # under the PostgreSQL username he supplies in his connection # parameters. # # ident: Authentication is done by the ident server on the remote # host, via the ident (RFC 1413) protocol. AUTH_ARGUMENT, # if # specified, is a map name to be found in the pg_ident.conf # file. # That table maps from ident usernames to PostgreSQL # usernames. The # special map name "sameuser" indicates an implied map (not # found # in pg_ident.conf) that maps every ident username to the # identical # PostgreSQL username. # # trust: No authentication is done. Trust that the user has the # authority to use whatever username he specifies. Before # PostgreSQL version 6, all authentication was done this # way. # # reject: Reject the connection. # # password: Authentication is done by matching a password supplied # in clear # by the host. If AUTH_ARGUMENT is specified then the # password # is compared with the user's entry in that file (in the # $PGDATA # directory). See pg_passwd(1). If it is omitted then # the # password is compared with the user's entry in the # pg_shadow # table. # # crypt: Authentication is done by matching an encrypted password # supplied # by the host with that held for the user in the pg_shadow # table. # # krb4: Kerberos V4 authentication is used. # # krb5: Kerberos V5 authentication is used. # Record type "hostssl" # --------------------- # # This record identifies the authentication to use when connecting to # a # particular database via TCP/IP sockets over SSL. Note that normal # "host" records are also matched - "hostssl" records can be used to # require a SSL connection. # This keyword is only available if the server is compiled with SSL # support # enabled. # # The format of this record is identical to that of "host". # Record type "local" # ------------------ # # This record identifies the authentication to use when connecting to # a # particular database via a local UNIX socket. # # Format: # # local DBNAME USERAUTH [AUTH_ARGUMENT] # # The format is the same as that of the "host" record type except that # the # IP_ADDRESS and ADDRESS_MASK are omitted and the "ident", "krb4" and # "krb5" # values of USERAUTH are not allowed. # For backwards compatibility, PostgreSQL also accepts pre-version 6 # records, # which look like: # # all 127.0.0.1 0.0.0.0 # TYPE DATABASE IP_ADDRESS MASK USERAUTH MAP #host all 127.0.0.1 255.255.255.255 trust # The above allows any user on the local system to connect to any # database # under any username. #host template1 192.168.0.0 255.255.255.0 ident sameuser # The above allows any user from any host with IP address 192.168.0.x # to # connect to database template1 as the same username that ident on # that host # identifies him as (typically his Unix username). #host all 192.168.0.1 255.255.255.255 reject #host all 0.0.0.0 0.0.0.0 trust # The above would allow anyone anywhere except from 192.168.0.1 to # connect to # any database under any username. #host all 192.168.0.0 255.255.255.0 ident omicron # # The above would allow users from 192.168.0.x hosts to connect to any # database, but if Ident says the user is "bryanh" and he requests to # connect as PostgreSQL user "guest1", the connection is only allowed # if # there is an entry for map "omicron" in pg_ident.conf that says # "bryanh" is # allowed to connect as "guest1". # By default, allow anything over UNIX domain sockets and localhost. local all trust host all 127.0.0.1 255.255.255.255 trust host all 207.158.72.11 255.255.255.255 trust host all 207.158.72.45 255.255.255.255 trust # > > Thank you for your time and assistance. > > > Sincerely, > > Robert Vogt IV > CEO > ArborHost -- Larry Rosenman http://www.lerctr.org/~ler Phone: +1 972-414-9812 (voice) Internet: ler@lerctr.org US Mail: 1905 Steamboat Springs Drive, Garland, TX 75044-6749
В списке pgsql-general по дате отправления:
Предыдущее
От: "Robert Vogt IV"Дата:
Сообщение: Re: newbie question: ERROR: getattproperties: no attribute tuple 1259 -2
Следующее
От: Tom LaneДата:
Сообщение: Re: newbie question: ERROR: getattproperties: no attribute tuple 1259 -2