Client authentication is a central feature to using PostgreSQL, without it, anyone could connect to your database and retrieve your data. PostgreSQL has the ability to use several different types of client authentication. As the site administrator, you will need to decide which one is best for your type of system.
The current method of specifying a clients rights to a database is through the pg_hba.conf file. This should not be confused with a PostgreSQL users rights to a database. The pg_hba.conf only allows you to set the type of host based authentication to be used. The host based authentication is flexible in that you can require that the user also authenticate against the PostgreSQL user table as well. In other words, just because you can connect to PostgreSQL from one machine, doesn't mean you can from a different machine.
|Host and User access|
It is possible to allow anybody to access a PostgreSQL database that has a correct username and password but passwords may be transmitted in clear text depending on the environment. Make sure you understand how your application is communicating with PostgreSQL before allowing any user to remotely connect to a PostgreSQL database.