
Disable TRUST authentication mode

From: c k <shreeseva(dot)learning(at)gmail(dot)com>
To: pgsql-admin <pgsql-admin(at)postgresql(dot)org>
Subject: Disable TRUST authentication mode
Date: 2012-03-10 15:00:33
Message-ID: CAN2Y=uMt7CPkxZhAUfw7SzecKdWCWsUuLmh4XPhUxKqBtdUoyA@mail.gmail.com
Lists: pgsql-admin
Hi,
Can we disable the trust authentication mode?

One of our customers found that a few of its employees are trying to change
the data without having any proper rights. The simplest way is to get
control of the server and then change the mode of the authentication to
trust and restart the server. All other regular users will not get any
problems in their daily work. And this is the real fact that persons
from the IT department can be one of the users who are going to make a fraud.
Even after having sufficient logging and other preventative actions, like
logging in the database for what is changed (audit trails) and even using
PostgreSQL logs, it is impossible to prevent such things. As most of the
time we use username/password as basic functionality to prevent
unauthorised users from getting database access, TRUST makes a grand
back door for hackers or fraud-making users to get into the database. In
TRUST mode knowing the name of the user is sufficient and it is not hard to
know the superuser login name.

What steps can we take to prevent such access or to disable the TRUST mode
completely?

Thanks,

C P Kulkarni
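
The check below is an added example, not part of the original post and not PostgreSQL code: it scans the text of a `pg_hba.conf` file, where PostgreSQL's per-connection authentication methods are set, and reports every rule whose method is `trust`, so that a switch to trust like the one described above can be noticed by a scheduled job or configuration monitor. The sample file contents and the function names are constructed for illustration. It assumes a single file and does not follow include directives or line continuations.

```python
import ipaddress

CONN_TYPES = {"local", "host", "hostssl", "hostnossl", "hostgssenc", "hostnogssenc"}

# Constructed sample file contents, not taken from the thread.
SAMPLE_HBA = '''\
local   all      all                              trust  # any local OS user
host    all      all  127.0.0.1/32                md5
host    all      all  10.0.0.5 255.255.255.255    trust
#host   all      all  0.0.0.0/0                   trust
host    "trust"  app  192.168.1.0/24              md5
'''

def tokenize(line):
    """Split one line into fields; '#' starts a comment, double quotes group a field."""
    fields, cur, quoted, open_field = [], "", False, False
    for ch in line:
        if ch == '"':
            quoted, open_field = not quoted, True
        elif quoted:
            cur += ch
        elif ch == "#":
            break
        elif ch.isspace():
            fields += [cur] if open_field else []
            cur, open_field = "", False
        else:
            cur, open_field = cur + ch, True
    return fields + [cur] if open_field else fields

def is_ip(text):
    try:
        return bool(ipaddress.ip_address(text))
    except ValueError:
        return False

def find_trust_rules(hba_text):
    """Return (line_no, type, database, user, address) for each rule using trust."""
    hits = []
    for no, line in enumerate(hba_text.splitlines(), 1):
        f = tokenize(line)
        if len(f) < 4 or f[0] not in CONN_TYPES:
            continue
        # local: method is field 4; host*: field 5, or 6 when a separate netmask follows
        method_at = 3 if f[0] == "local" else (5 if len(f) > 4 and is_ip(f[4]) else 4)
        if len(f) > method_at and f[method_at].lower() == "trust":
            hits.append((no, f[0], f[1], f[2], " ".join(f[3:method_at]) or "(unix socket)"))
    return hits
```

Calling `find_trust_rules(SAMPLE_HBA)` reports lines 1 and 3 only: the commented-out rule and the database that is merely named "trust" are not flagged.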
