Re: Questions from a Newbie

From: Shane Ambler <pgsql(at)Sheeky(dot)Biz>
To: John Gardner <john(dot)gardner(at)tagish(dot)co(dot)uk>
Cc: Postgresql Mailing list <pgsql-novice(at)postgresql(dot)org>
Subject: Re: Questions from a Newbie
Date: 2007-02-20 17:27:49
Message-ID: 45DB2F95.1010107@Sheeky.Biz
Lists: pgsql-novice
John Gardner wrote:
> Hi everyone!
> 
> I really am a newbie to Postgres, and I have few questions... mainly
> security orientated, which I'm hoping I can get a definitive answer on.
> 
> 1) listen_addresses in postgresql.sql - The documentation states that;
> 
> "...The value takes the form of a comma-separated list of host names
> and/or numeric IP addresses. The special entry * corresponds to all
> available IP interfaces. If the list is empty, the server does not
> listen on any IP interface at all, in which case only Unix-domain
> sockets can be used to connect to it. The default value is localhost,
> which allows only local "loopback" connections to be made. This
> parameter can only be set at server start."
> 
> I'd like to be able to allow all users on a particular subnet to connect
> to the server using PGAdminIII and originally set the variable to:
> 
> listen_addresses = 'localhost, 192.168.1.*'

Listen address is the IP address of the server. Entering * means it will 
listen on any and all IP addresses assigned to all network interfaces on 
the server. Unless you have multiple network cards then * or localhost 
will be fine, otherwise you want the IP address of the machine running 
postgresql, e.g. 192.168.1.250

The security setting you are interested in is located in the pg_hba.conf 
file - this file determines who is allowed to connect to postgresql and 
from what machines. You will most likely want a line like -
host all all 192.168.1.0/24 md5

The file itself contains enough info or you can read it in the docs.

> This didn't allow the server to start, so I assume this is incorrect.
> Is there any way that this can be done?
> 
> 2) How do you set the default 'postgres' Login Role to have a password?
>  I did what I thought was the correct way in PgAdmin to assign it a
> password, and resultant code in the SQL pane does seem like it has an
> MD5 password assigned to it, but our security scanning software still
> assures me that, "Your PostgreSQL database is not password protected.
> We could log in as the user 'postgres'."
> 

You may have an entry in pg_hba.conf that allows non-password logins.
From the above example I gave the md5 at the end means the client can 
use md5 password encryption to log in - if this is set to trust then a 
password is not required. This may be on the line with 127.0.0.1



-- 

Shane Ambler
pgSQL(at)Sheeky(dot)Biz

Get Sheeky @ http://Sheeky.Biz
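
An added example, not part of the original message: a small Python check for the two settings discussed in this thread. It lists pg_hba.conf rules whose method is trust and flags listen_addresses entries that are not *, an IP address or a host name. The function names and the sample pg_hba.conf contents are constructed for illustration, and comment stripping ignores quoted values.

```python
import ipaddress

# Constructed sample pg_hba.conf contents (not taken from the thread).
SAMPLE_HBA = """\
# TYPE  DATABASE  USER  ADDRESS                    METHOD
local   all       all                              trust
host    all       all   127.0.0.1/32               trust
host    all       all   192.168.1.0 255.255.255.0  md5
host    all       all   192.168.1.0/24             md5
"""

def parse_hba(text):
    """Yield (line_no, type, database, user, address, method) per rule."""
    for no, raw in enumerate(text.splitlines(), 1):
        f = raw.split("#", 1)[0].split()  # simplification: no quoted '#'
        if not f:
            continue
        if f[0] == "local":               # local DATABASE USER METHOD
            addr, rest = None, f[3:]
        else:                             # host* DATABASE USER ADDRESS [MASK] METHOD
            addr, rest = (f[3] if len(f) > 3 else None), f[4:]
            try:
                ipaddress.ip_address(rest[0])   # separate netmask column
                addr, rest = addr + " " + rest[0], rest[1:]
            except (ValueError, IndexError):
                pass
        if rest:                          # skip malformed/short lines
            yield no, f[0], f[1], f[2], addr, rest[0]

def passwordless_rules(text):
    """Rules whose method is 'trust': matching clients need no password."""
    return [r for r in parse_hba(text) if r[5] == "trust"]

def bad_listen_entries(value):
    """Entries that are not '*', an IP address or a plain host name."""
    bad = []
    for entry in (e.strip() for e in value.split(",")):
        if entry in ("", "*"):
            continue
        try:
            ipaddress.ip_address(entry)
        except ValueError:
            if not all(c.isalnum() or c in "-." for c in entry):
                bad.append(entry)  # e.g. a wildcard pattern
    return bad

if __name__ == "__main__":
    for rule in passwordless_rules(SAMPLE_HBA):
        print("no password required:", rule)
    print("rejected:", bad_listen_entries("localhost, 192.168.1.*"))
```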

Copyright © 1996-2014 The PostgreSQL Global Development Group