| From: | pgsql-bugs(at)postgresql(dot)org |
|---|---|
| To: | pgsql-bugs(at)postgresql(dot)org |
| Subject: | Local Host Security? All users should have passwords optionally... |
| Date: | 2001-03-26 22:08:41 |
| Message-ID: | 200103262208.f2QM8f102938@hub.org |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-bugs |
Ivn Baldo (ivan(dot)baldo(at)pilasnet(dot)com) reports a bug with a severity of 2
The lower the number the more severe it is.
Short Description
Local Host Security? All users should have passwords optionally...
Long Description
I wanted to add passwords to all the users on the database, including the postgres user, etc. Then everything is authenticated using "crypt" method, so it asks passwords EVERYTIME.
The problem I found is that I cannot do a "pg_dumpall" anymore, since I have no way to tell it to use the "postgres" user with a given password. It tries to use the user "root" without password and it fails miserably!
What happens if a hacker (or worst, a cracker!) enters to the machine somehow and I don't ask passwords for unix domain sockets? Well, it has access to all my data... Ok, this should not happen, but I worry if it happens and I think it is important to enforce the security a little more in Postgres. The documentation doesn't say anything about this...
Sample Code
No file was uploaded with this report
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Joe Shevland | 2001-03-27 00:37:35 | Possible large object bug? |
| Previous Message | Francesco Protano | 2001-03-26 16:18:20 | Please help On Alternative Database Location |