| From: | Stephen Frost <sfrost(at)snowman(dot)net> |
|---|---|
| To: | Andrew Bailey <hazlorealidad(at)gmail(dot)com> |
| Cc: | Thom Brown <thombrown(at)gmail(dot)com>, PGSQL Mailing List <pgsql-general(at)postgresql(dot)org> |
| Subject: | Re: Too easy to log in as the "postgres" user? |
| Date: | 2009-10-15 14:21:16 |
| Message-ID: | 20091015142115.GE17756@tamriel.snowman.net |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
* Andrew Bailey (hazlorealidad(at)gmail(dot)com) wrote:
> You appear to be trusting all connections what I think you want is the
> following:
>
> local all all ident sameuser
> # IPv4 local connections:
> host all all 127.0.0.1/32 ident sameuser
> # IPv6 local connections:
> host all all ::1/128 ident sameuser
>
> Remember that you need to get postgres to reread the file after
> changing it by using pg_ctl reload or kill -HUP {pid}
ident sameuser for host connections really isn't recommend nor is
terribly secure, in general. Over localhost is better, but using local
is infinitely better, imo.
Stephen
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Tom Lane | 2009-10-15 14:41:39 | Re: Can't find documentation for ~=~ operator |
| Previous Message | Andrew Bailey | 2009-10-15 13:24:57 | Re: Too easy to log in as the "postgres" user? |