Database Permissions

My apologies if the answer(s) to my questions are obvious to others. I'm
still quite new to Linux and PostgreSQL.

I have set up a database to be used by hundreds of students. Within psql I
set GRANT SELECT ON database TO PUBLIC on the database but have found that
if I login as one of those students I can login as the database owner by
using

\connect database owner

I then used:

ALTER USER owner WITH PASSWORD 'password';

the database confirmed a change had been made. I had hoped that by
explicitly putting a password in for the owner that if I used the \connect
.... then I would be required to put a password in to connect as owner.

Unfortunately not.

Any suggestions as to how I might secure the database to SELECTS only.
Curerently I have not invoked password authentication on the database
itself. I'm currently using the default settings on pg_hba.conf and I'm
wondering if the problem can be handled by altering this?

Thanks in anticipation
Mike Withers
University of Western Sydney, Australia