The goal of PostgreSQL security is to keep the bad guys out while letting the good guys in.

Security is a balancing act—it is often the case that more secure installations are less convenient for authorized users. Finding the right balance depends primarily on two factors. First, “How much do you trust the people that have access to your machine?” The answer to that question is not as obvious at it may seem—if your system is connected to the Internet, you have to extend your trust to everyone else on the Internet. The second question is “How important is it to keep your data private?” It's probably not very important to keep your personal CD catalog private, but if you are storing customer credit card numbers, you had better ...