Re: Problem in User Securities

The default security setup in PG is to allow all connections from localhost,
w/o password. This should be changed. You'll find this in your $PGDATA
directory, in the file pg_hba.conf.

- J.

Joel BURTON | joel(at)joelburton(dot)com | joelburton.com | aim: wjoelburton
Knowledge Management & Technology Consultant

> -----Original Message-----
> From: pgsql-admin-owner(at)postgresql(dot)org
> [mailto:pgsql-admin-owner(at)postgresql(dot)org]On Behalf Of shreedhar
> Sent: Monday, May 20, 2002 5:33 AM
> To: PostgreSQL
> Subject: [ADMIN] Problem in User Securities
>
>
> Hello All,
>
> I am new to Postgres, While I was checking 'User Securities' in postgres I
> got the following problem.
>
> I created a user using 'createuser' command and gave superuser
> permissions.
>
> but while accessing database, even if we have not given '-W' password
> option it is entering into database. So who knows Unix administrator
> password can enter into any database if they know corresponding login name
> and they work with the same permissions..
>
> And also i observed that even we can enter into template1 with out giving
> any username or password.
>
> I doubt there will be a way to restrict this.
>
> Can any body help me regarding this.
>
> Thanks alot,
>
> With best Regards
> bhaskararaju
>
>
>
> ---------------------------(end of broadcast)---------------------------
> TIP 1: subscribe and unsubscribe commands go to majordomo(at)postgresql(dot)org
>