PG 7.0.2, RH Linux 6.2
I'm trying to secure access to pgsql databases.
the politic I use is to only allow access databases with passwords.
for this, I use in pg_hba.conf :
local all password
host all 127.0.0.1 255.255.255.255 password
I don't understand why with this configuration I can access to all
databases even if I'm not the owner, for example : If the database test is
owned by user1 and this user has all grants on all tables in this
database, every user created with "CREATE USER ..." (with or without
password) in the local system can run a command like :
user2% psql test -U user1
Welcome to psql, the PostgreSQL interactive terminal.
Type: \copyright for distribution terms
\h for help with SQL commands
\? for help on internal slash commands
\g or terminate with semicolon to execute query
\q to quit
test=>
Why this access is allowed ?
How to secure accesses to databases ?
I don't see where is the problem.
Thanks for your suggestions.
Denis Pugnère