From: | Stephen Frost <sfrost(at)snowman(dot)net> |
---|---|
To: | Andrew Bailey <hazlorealidad(at)gmail(dot)com> |
Cc: | Thom Brown <thombrown(at)gmail(dot)com>, PGSQL Mailing List <pgsql-general(at)postgresql(dot)org> |
Subject: | Re: Too easy to log in as the "postgres" user? |
Date: | 2009-10-15 14:21:16 |
Message-ID: | 20091015142115.GE17756@tamriel.snowman.net |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-general |
* Andrew Bailey (hazlorealidad(at)gmail(dot)com) wrote:
> You appear to be trusting all connections what I think you want is the
> following:
>
> local all all ident sameuser
> # IPv4 local connections:
> host all all 127.0.0.1/32 ident sameuser
> # IPv6 local connections:
> host all all ::1/128 ident sameuser
>
> Remember that you need to get postgres to reread the file after
> changing it by using pg_ctl reload or kill -HUP {pid}
ident sameuser for host connections really isn't recommend nor is
terribly secure, in general. Over localhost is better, but using local
is infinitely better, imo.
Stephen
From | Date | Subject | |
---|---|---|---|
Next Message | Tom Lane | 2009-10-15 14:41:39 | Re: Can't find documentation for ~=~ operator |
Previous Message | Andrew Bailey | 2009-10-15 13:24:57 | Re: Too easy to log in as the "postgres" user? |