> Bruce Momjian wrote:
>
> >
> > > But if you have choosen the conservative way of beeing a site
> > > admin, noone will ever tell you if you forgot to DISABLE a
> > > feature after a 50 hour restore marathon.
> >
> > Yes, the same reason postmaster -i flag is required to enable tcp/ip.
>
> That's a detail I'm in doubt about. Our defaults for AF_UNIX
> sockets is trust (and AFAIK must be because identd cannot
> handle them). Thus any user who has a local shell account
> could easily become db user postgres.
>
> I think a default of host-localhost-ident-sameuser and giving
> superusers the builtin right to become everyone would gain
> higher security.
But can we assume ident is running. I don't think so.
-- Bruce Momjian | http://www.op.net/~candle maillist@candle.pha.pa.us | (610)
853-3000+ If your life is a hard drive, | 830 Blythe Avenue + Christ can be your backup. | Drexel Hill,
Pennsylvania19026