| From: | "niall el-assaad" <niallel(at)gmail(dot)com> |
|---|---|
| To: | pgsql-admin(at)postgresql(dot)org |
| Subject: | Password recommendations for an appliance |
| Date: | 2008-07-11 09:39:43 |
| Message-ID: | b594cade0807110239m2fd09f6an229b07f22c75ecb1@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-admin |
Hi,
I'm developing an appliance that runs postgresql and will be provided to
many people.
I am wondering on the best way of protecting the database user account.
At the moment the account has no password on it, to me this means that the
only people who can connect are the application (PHP running on the box), or
someone logged in as root at the linux command line of the appliance (which
means they have permission to anything anyway).
In this scenario is it worth putting a password on the user account? The
password would need to be stored in a file on the box anyway (so the root
user could get to it quite easily)?
I'm wondering if there are any best practices for this, as I've seen many
appliances that don't bother with a password, and only a few that do use a
password.
Opinions very welcome.
thanks,
niall
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Dev | 2008-07-11 12:38:49 | Access rule listing from the whole database cluster |
| Previous Message | Mikel Lindsaar | 2008-07-11 08:37:39 | Re: Importing data - possible UTF8 import bug? |