Skip site navigation (1) Skip section navigation (2)

Re: db security; user identification

From: Bruno Wolff III <bruno(at)wolff(dot)to>
To: Marcin Gil <marcin(dot)gil(at)audax(dot)com(dot)pl>
Cc: pgsql-novice(at)postgresql(dot)org
Subject: Re: db security; user identification
Date: 2004-01-27 13:58:36
Message-ID: 20040127135836.GA32757@wolff.to (view raw or flat)
Thread:
Lists: pgsql-novice
On Tue, Jan 27, 2004 at 14:21:27 +0100,
  Marcin Gil <marcin(dot)gil(at)audax(dot)com(dot)pl> wrote:
> Martin Atukunda wrote:
> 
> >- local all all trust
> >+ local all postgres trust
> >+ local all all md5
> >
> Ok. but if user does:
> psql -d template1 -U postgres?
> 
> then he won't be asked about password but should.
> Everyone who can access psql, can get into db as postgres user.
> Not safe I suppose.

You definitely don't want:
local all postgres trust

You can probably use ident authentication (this doesn't work for local
connections for all os's) to allow root to connect as the user postgres.
If you do this, than anyone connecting as postgres will also need to
use ident authentication and be listed in the map along with root.
You might end up creating a second superuser account that uses md5
authentication.

In response to

pgsql-novice by date

Next:From: Marcin GilDate: 2004-01-27 14:25:41
Subject: Re: db security; user identification
Previous:From: lndDate: 2004-01-27 13:58:07
Subject: Increase stored proc. parameters max count

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group