Since I'm used to the MySQL security paradigm/model, I'm having a little
difficulty understanding the security with pgsql.
I noticed that once a db is created, any user able to log in to the server
can create tables within a database. The docs indicate that I can create a
file containing username:[password] combos to allow only listed users
access to a database, but apparently it's a one file/one database scheme.
"To restrict the set of users that are allowed to connect to certain
databases, list the set of users in a separate file (one user name per
line) in the same directory that pg_hba.conf is in, and mention the
(base) name of the file after the password or crypt keyword,
respectively, in pg_hba.conf. If you do not use this feature, then any
user that is known to the database system can connect to any database
(so long as he passes password authentication, of course)."
If I want to allow users access to only their databases, do I create a
separate file for each database, and then include the allowed users in that
file? I'm really after by-database security, as opposed to by-table so it
doesn't appear that using groups would help.
The question then arises: Do I then need to add a separate line in
pg_hba.conf for each database under this kind of control?
Thanks