Re: db security; user identification
| От | Bruno Wolff III |
|---|---|
| Тема | Re: db security; user identification |
| Дата | |
| Msg-id | 20040127135836.GA32757@wolff.to обсуждение исходный текст |
| Ответ на | Re: db security; user identification (Marcin Gil <marcin.gil@audax.com.pl>) |
| Список | pgsql-novice |
On Tue, Jan 27, 2004 at 14:21:27 +0100, Marcin Gil <marcin.gil@audax.com.pl> wrote: > Martin Atukunda wrote: > > >- local all all trust > >+ local all postgres trust > >+ local all all md5 > > > Ok. but if user does: > psql -d template1 -U postgres? > > then he won't be asked about password but should. > Everyone who can access psql, can get into db as postgres user. > Not safe I suppose. You definitely don't want: local all postgres trust You can probably use ident authentication (this doesn't work for local connections for all os's) to allow root to connect as the user postgres. If you do this, than anyone connecting as postgres will also need to use ident authentication and be listed in the map along with root. You might end up creating a second superuser account that uses md5 authentication.
В списке pgsql-novice по дате отправления: