Skip site navigation (1) Skip section navigation (2)

Re: Problem in User Securities

From: "Joel Burton" <joel(at)joelburton(dot)com>
To: "shreedhar" <shreedhar(at)lucidindia(dot)net>,"PostgreSQL" <pgsql-admin(at)postgresql(dot)org>
Subject: Re: Problem in User Securities
Date: 2002-05-20 13:09:45
Message-ID: (view raw, whole thread or download thread mbox)
Lists: pgsql-admin
The default security setup in PG is to allow all connections from localhost,
w/o password. This should be changed. You'll find this in your $PGDATA
directory, in the file pg_hba.conf.

- J.

Joel BURTON | joel(at)joelburton(dot)com | | aim: wjoelburton
Knowledge Management & Technology Consultant

> -----Original Message-----
> From: pgsql-admin-owner(at)postgresql(dot)org
> [mailto:pgsql-admin-owner(at)postgresql(dot)org]On Behalf Of shreedhar
> Sent: Monday, May 20, 2002 5:33 AM
> To: PostgreSQL
> Subject: [ADMIN] Problem in User Securities
> Hello All,
> I am new to Postgres, While I was checking 'User Securities' in postgres I
> got the following problem.
> I created a user using 'createuser' command and gave superuser
> permissions.
> but while accessing database, even if we have not given   '-W' password
> option it is entering into database. So who knows Unix administrator
> password can enter into any database if they know corresponding login name
> and they work with the same permissions..
> And also i observed that even we can enter into template1 with out giving
> any username or password.
> I doubt there will be a way to restrict this.
> Can any body help me regarding this.
> Thanks alot,
> With best Regards
> bhaskararaju
> ---------------------------(end of broadcast)---------------------------
> TIP 1: subscribe and unsubscribe commands go to majordomo(at)postgresql(dot)org

In response to

pgsql-admin by date

Next:From: Jameson C. BurtDate: 2002-05-20 14:00:56
Subject: Access by 1000 users to view postgres tables without recreating accounts?
Previous:From: Gareth KirwanDate: 2002-05-20 11:53:01
Subject: Interval to number

Privacy Policy | About PostgreSQL
Copyright © 1996-2017 The PostgreSQL Global Development Group