| From: | Stephan Szabo <sszabo(at)megazone23(dot)bigpanda(dot)com> |
|---|---|
| To: | Igor Georgiev <gory(at)alphasoft-bg(dot)com> |
| Cc: | dima <_pppp(at)mail(dot)ru>, <pgsql-hackers(at)postgresql(dot)org>, <pgsql-admin(at)postgresql(dot)org> |
| Subject: | Re: Security question : Database access control |
| Date: | 2002-10-22 15:28:08 |
| Message-ID: | 20021022081942.K87361-100000@megazone23.bigpanda.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-admin pgsql-hackers |
On Tue, 22 Oct 2002, Igor Georgiev wrote:
> > > edit *pg_hba.conf *
> > > # Allow any user on the local system to connect to any
> > > # database under any username, but only via an IP connection:
> > > host all 127.0.0.1 255.255.255.255 trust
> > > # The same, over Unix-socket connections:
> > > local all trust
> > what about reading pg_hba.conf comments?
> > local all md5
> >
>
> Ok, but my question actually isn't about pg_hba.conf comments, i read enough
> but what will stop root from adding this lines or doing su - postgres ??
Not much really. But given that they have access to the raw data
files, preventing them access to the server doesn't gain you that
much if they really want to get the data.
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Nicholas Barthelemy | 2002-10-22 15:35:15 | 7.2 date/time format function problems |
| Previous Message | Rod Taylor | 2002-10-22 15:26:30 | Re: [HACKERS] Security question : Database access control |
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Tom Lane | 2002-10-22 15:35:25 | Re: Security question : Database access control |
| Previous Message | Rod Taylor | 2002-10-22 15:26:30 | Re: [HACKERS] Security question : Database access control |