Skip site navigation (1) Skip section navigation (2)

Password recommendations for an appliance

From: "niall el-assaad" <niallel(at)gmail(dot)com>
To: pgsql-admin(at)postgresql(dot)org
Subject: Password recommendations for an appliance
Date: 2008-07-11 09:39:43
Message-ID: b594cade0807110239m2fd09f6an229b07f22c75ecb1@mail.gmail.com (view raw or flat)
Thread:
Lists: pgsql-admin
Hi,
I'm developing an appliance that runs postgresql and will be provided to
many people.

I am wondering on the best way of protecting the database user account.

At the moment the account has no password on it, to me this means that the
only people who can connect are the application (PHP running on the box), or
someone logged in as root at the linux command line of the appliance (which
means they have permission to anything anyway).

In this scenario is it worth putting a password on the user account? The
password would need to be stored in a file on the box anyway (so the root
user could get to it quite easily)?

I'm wondering if there are any best practices for this, as I've seen many
appliances that don't bother with a password, and only a few that do use a
password.

Opinions very welcome.

thanks,

niall

pgsql-admin by date

Next:From: DevDate: 2008-07-11 12:38:49
Subject: Access rule listing from the whole database cluster
Previous:From: Mikel LindsaarDate: 2008-07-11 08:37:39
Subject: Re: Importing data - possible UTF8 import bug?

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group