Dave,
> Currently we TRUST local users so pretty much any user can access any
> database
> from the shell.
> When PHP or Perl(DBI) accesses the postgres database, can they simply
> specify
> any userid and database set as a local user would, or are they
> restricted to the
> "host sameuser 0.0.0.0 0.0.0.0 password" setting in pg_hba.conf
Anything running on the same machine, whether a shell, PHP, or Perl, is
covered by the "trust" statement, unless you make the mistake of
routing your connection through an external interface.
However, I strongly reccommend against using "trust" on any public web
server.
-Josh Berkus