| From: | Bruno Wolff III <bruno(at)wolff(dot)to> |
|---|---|
| To: | Marcin Gil <marcin(dot)gil(at)audax(dot)com(dot)pl> |
| Cc: | pgsql-novice(at)postgresql(dot)org |
| Subject: | Re: db security; user identification |
| Date: | 2004-01-27 13:58:36 |
| Message-ID: | 20040127135836.GA32757@wolff.to |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-novice |
On Tue, Jan 27, 2004 at 14:21:27 +0100,
Marcin Gil <marcin(dot)gil(at)audax(dot)com(dot)pl> wrote:
> Martin Atukunda wrote:
>
> >- local all all trust
> >+ local all postgres trust
> >+ local all all md5
> >
> Ok. but if user does:
> psql -d template1 -U postgres?
>
> then he won't be asked about password but should.
> Everyone who can access psql, can get into db as postgres user.
> Not safe I suppose.
You definitely don't want:
local all postgres trust
You can probably use ident authentication (this doesn't work for local
connections for all os's) to allow root to connect as the user postgres.
If you do this, than anyone connecting as postgres will also need to
use ident authentication and be listed in the map along with root.
You might end up creating a second superuser account that uses md5
authentication.
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Marcin Gil | 2004-01-27 14:25:41 | Re: db security; user identification |
| Previous Message | lnd | 2004-01-27 13:58:07 | Increase stored proc. parameters max count |