In article <[EMAIL PROTECTED]>, Olaf van der Spek <[EMAIL PROTECTED]> wrote: >On Thu, 16 Dec 2004 08:51:32 -0600, Steve Greenland ><[EMAIL PROTECTED]> wrote: >> On 16-Dec-04, 08:04 (CST), Olaf van der Spek <[EMAIL PROTECTED]> wrote: >> > Take for example a web application like a forum. It requires the >> > password so it can connect to the database. It can't/won't ask the >> > password from the user. >> >> But there is (or at least, should be) a specific user for that forum >> application, with the minimum of rights needed for that application >> (e.g. SELECT and UPDATE) in a single specific database. You're talking >> about a DB *admin* password. > >Ah, k. It makes less/no sense to store that password. >But I wonder, is there no way to use the 'power' of the root account >to do such DB administration without password then?
With postgres - sure. You can use 'ident' authentication. It looks up who is at the other end of the socket/connection using ident for TCP or local credentials for Unix sockets. Based on that you can allow all sorts of access (using pg_hba.conf and pg_ident.conf) Mike.
