Skip site navigation (1) Skip section navigation (2)

Re: Disable TRUST authentication mode

From: Frank Lanitz <frank(at)frank(dot)uvena(dot)de>
To: pgsql-admin(at)postgresql(dot)org
Subject: Re: Disable TRUST authentication mode
Date: 2012-03-10 15:26:59
Message-ID: 20120310162659.c9340f98be1ffb540f277ea4@frank.uvena.de (view raw or flat)
Thread:
Lists: pgsql-admin
On Sat, 10 Mar 2012 20:51:58 +0530
c k <shreeseva(dot)learning(at)gmail(dot)com> wrote:

> It we can disable the TRUST mode then every user have to login with
> password and every fraud user have to know the password (at least) of
> the user. It is not the case that users from other departments share
> their passwords, but fraud users just bypasses the need to know the
> password.

Users that are able to change pg_hba.conf are most likely also able to
replace any binary at the system. Even you are right that the trust
option is a bit dangerous, but its not your root issue. 

Cheers, 
Frank
-- 
Frank Lanitz <frank(at)frank(dot)uvena(dot)de>

In response to

pgsql-admin by date

Next:From: Jan LentferDate: 2012-03-10 15:28:14
Subject: Re: Disable TRUST authentication mode
Previous:From: c kDate: 2012-03-10 15:21:58
Subject: Re: Disable TRUST authentication mode

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group