Re: Disable TRUST authentication mode

Thanks to all.
I understand that the users who have the access to the system can also
change binaries. We are also thinking about the same. Using a virtual
server for the database with almost 80% of the system resource where even
persons from the IT department does not have the root access and do not
know passwords for the superusers of the database or do not have the access
to the filesystem of the virtual server can be a solution. Is it?
If any postgresql user have the experience to deal with the situations
like, please share your experiences.

Thanks and regards,

C P Kulkarni

On Sat, Mar 10, 2012 at 8:58 PM, Jan Lentfer <Jan(dot)Lentfer(at)web(dot)de> wrote:

> Am 10.03.2012 16:21, schrieb c k:
>
> It we can disable the TRUST mode then every user have to login with
>> password and every fraud user have to know the password (at least) of
>> the user. It is not the case that users from other departments share
>> their passwords, but fraud users just bypasses the need to know the
>> password.
>>
>
> If they can alter pg_hba.conf they can almost certainly also change/add
> users, alter passwords, etc, etc... So from a security perspective it
> doesn't buy you much.
>
> I don't know if you could build a custom postgresql from sources with
> trust disabled. But it wouldn't be worth the trouble imo.
>
>
> Jan
>
>
> --
> Sent via pgsql-admin mailing list (pgsql-admin(at)postgresql(dot)org)
> To make changes to your subscription:
> http://www.postgresql.org/**mailpref/pgsql-admin<http://www.postgresql.org/mailpref/pgsql-admin>
>