| From: | Peter Eisentraut <peter_e(at)gmx(dot)net> |
|---|---|
| To: | <ivan(dot)baldo(at)pilasnet(dot)com>, <pgsql-bugs(at)postgresql(dot)org> |
| Subject: | Re: Local Host Security? All users should have passwords optionally... |
| Date: | 2001-03-27 15:56:00 |
| Message-ID: | Pine.LNX.4.30.0103271753160.1215-100000@peter.localdomain |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-bugs |
> Iván Baldo (ivan(dot)baldo(at)pilasnet(dot)com) reports a bug with a severity of 2
> I wanted to add passwords to all the users on the database, including
> the postgres user, etc. Then everything is authenticated using "crypt"
> method, so it asks passwords EVERYTIME. The problem I found is that I
> cannot do a "pg_dumpall" anymore, since I have no way to tell it to
> use the "postgres" user with a given password.
This is a known problem. You could try to patch pg_dumpall to pass the -u
option every time it calls pg_dump and psql.
> It tries to use the
> user "root" without password and it fails miserably! What happens if a
> hacker (or worst, a cracker!) enters to the machine somehow and I
> don't ask passwords for unix domain sockets?
Try changing the permissions on the socket file (chmod).
--
Peter Eisentraut peter_e(at)gmx(dot)net http://yi.org/peter-e/
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Stephan Szabo | 2001-03-27 16:29:30 | Re: Bug about 'Foreign Key' |
| Previous Message | Peter Eisentraut | 2001-03-27 15:53:10 | Re: Please help On Alternative Database Location |