| From: | Frank Lanitz <frank(at)frank(dot)uvena(dot)de> |
|---|---|
| To: | pgsql-admin(at)postgresql(dot)org |
| Subject: | Re: Disable TRUST authentication mode |
| Date: | 2012-03-10 15:26:59 |
| Message-ID: | 20120310162659.c9340f98be1ffb540f277ea4@frank.uvena.de |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-admin |
On Sat, 10 Mar 2012 20:51:58 +0530
c k <shreeseva(dot)learning(at)gmail(dot)com> wrote:
> It we can disable the TRUST mode then every user have to login with
> password and every fraud user have to know the password (at least) of
> the user. It is not the case that users from other departments share
> their passwords, but fraud users just bypasses the need to know the
> password.
Users that are able to change pg_hba.conf are most likely also able to
replace any binary at the system. Even you are right that the trust
option is a bit dangerous, but its not your root issue.
Cheers,
Frank
--
Frank Lanitz <frank(at)frank(dot)uvena(dot)de>
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Jan Lentfer | 2012-03-10 15:28:14 | Re: Disable TRUST authentication mode |
| Previous Message | c k | 2012-03-10 15:21:58 | Re: Disable TRUST authentication mode |