The default security setup in PG is to allow all connections from localhost,
w/o password. This should be changed. You'll find this in your $PGDATA
directory, in the file pg_hba.conf.
Joel BURTON | joel(at)joelburton(dot)com | joelburton.com | aim: wjoelburton
Knowledge Management & Technology Consultant
> -----Original Message-----
> From: pgsql-admin-owner(at)postgresql(dot)org
> [mailto:pgsql-admin-owner(at)postgresql(dot)org]On Behalf Of shreedhar
> Sent: Monday, May 20, 2002 5:33 AM
> To: PostgreSQL
> Subject: [ADMIN] Problem in User Securities
> Hello All,
> I am new to Postgres, While I was checking 'User Securities' in postgres I
> got the following problem.
> I created a user using 'createuser' command and gave superuser
> but while accessing database, even if we have not given '-W' password
> option it is entering into database. So who knows Unix administrator
> password can enter into any database if they know corresponding login name
> and they work with the same permissions..
> And also i observed that even we can enter into template1 with out giving
> any username or password.
> I doubt there will be a way to restrict this.
> Can any body help me regarding this.
> Thanks alot,
> With best Regards
> ---------------------------(end of broadcast)---------------------------
> TIP 1: subscribe and unsubscribe commands go to majordomo(at)postgresql(dot)org
In response to
pgsql-admin by date
|Next:||From: Jameson C. Burt||Date: 2002-05-20 14:00:56|
|Subject: Access by 1000 users to view postgres tables without recreating accounts?|
|Previous:||From: Gareth Kirwan||Date: 2002-05-20 11:53:01|
|Subject: Interval to number|