Re: Security Concerns over User 'postgres'

From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To: "Lane Van Ingen" <lvaningen(at)esncc(dot)com>
Cc: pgsql-admin(at)postgresql(dot)org
Subject: Re: Security Concerns over User 'postgres'
Date: 2006-09-22 19:08:25
Message-ID: 9540.1158952105@sss.pgh.pa.us
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-admin

"Lane Van Ingen" <lvaningen(at)esncc(dot)com> writes:
> We created our PostgreSQL instance by compiling it from source, and the
> instance is working just fine. User postgres runs the service; we do not
> know what the password is, and we think it got created automatically by the
> compile / install process.

Are you sure it even *has* a password? In the default RPM installation,
user postgres is created without any password --- the only way to become
postgres is to su there from root, and if you've got root you hardly
need to crack into postgres.

regards, tom lane

In response to

Responses

Browse pgsql-admin by date

  From Date Subject
Next Message Marcelo Costa 2006-09-22 19:38:02 Re: Security Concerns over User 'postgres'
Previous Message Lane Van Ingen 2006-09-22 18:09:23 Security Concerns over User 'postgres'