Re: Security Concerns over User 'postgres'

Hi,

Only create one user to your aplications and give to her rights to acess
your database

You can change the password of postgresql user

In your linux distro type:

su - postgres

psql -U postgres

in the prompt of postgres type:

# alter user postgres with password 'your new password';

After this your password of user postgres are change.

Create an user to your aplications and give this to all users.

Don´t forget of rights (INSERT,SELECT,UPDATE,DELETE) on your tables to this
user.

[],s

Marcelo Costa
DBA
Executive Secretary of Education from Pará/Amazônia/Brazil

2006/9/22, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>:
>
> "Lane Van Ingen" <lvaningen(at)esncc(dot)com> writes:
> > We created our PostgreSQL instance by compiling it from source, and the
> > instance is working just fine. User postgres runs the service; we do not
> > know what the password is, and we think it got created automatically by
> the
> > compile / install process.
>
> Are you sure it even *has* a password? In the default RPM installation,
> user postgres is created without any password --- the only way to become
> postgres is to su there from root, and if you've got root you hardly
> need to crack into postgres.
>
> regards, tom lane
>
> ---------------------------(end of broadcast)---------------------------
> TIP 3: Have you checked our extensive FAQ?
>
> http://www.postgresql.org/docs/faq
>

--
Marcelo Costa