Re: Disable TRUST authentication mode

From: Jan Lentfer <Jan(dot)Lentfer(at)web(dot)de>
To: c k <shreeseva(dot)learning(at)gmail(dot)com>
Cc: pgsql-admin <pgsql-admin(at)postgresql(dot)org>
Subject: Re: Disable TRUST authentication mode
Date: 2012-03-10 15:28:14
Message-ID: 4F5B730E.4020402@web.de
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-admin

Am 10.03.2012 16:21, schrieb c k:
> It we can disable the TRUST mode then every user have to login with
> password and every fraud user have to know the password (at least) of
> the user. It is not the case that users from other departments share
> their passwords, but fraud users just bypasses the need to know the
> password.

If they can alter pg_hba.conf they can almost certainly also change/add
users, alter passwords, etc, etc... So from a security perspective it
doesn't buy you much.

I don't know if you could build a custom postgresql from sources with
trust disabled. But it wouldn't be worth the trouble imo.

Jan

In response to

Responses

Browse pgsql-admin by date

  From Date Subject
Next Message Tom Lane 2012-03-10 16:20:30 Re: Disable TRUST authentication mode
Previous Message Frank Lanitz 2012-03-10 15:26:59 Re: Disable TRUST authentication mode