Re: postgresql db account

If I change the challange method to md5, I have to know the passwd.
So, are you saying that it is good practice to leave local connections
as trust?  This doesn't seem right to me.  I either have to set the
pw or leave it as trust.  Maybe you are supposed to leave postgresql
db account alone and create an alternate.  I just haven't found where
the best practices are discussed.

Is there a security document that discusses these items and other
security best practices?


On Wed, Oct 04, 2006 at 03:27:10PM -0700, Richard Broersma Jr wrote:
> > What is the default pw for the postgresql db account?
> > Is it a correct management practice to change this pw?
> >
> > template1=# select * from pg_user;
> >   usename   | usesysid | usecreatedb | usesuper | usecatupd |  passwd  | valuntil | useconfig
> > ------------+----------+-------------+----------+-----------+----------+----------+-----------
> >  postgresql |       10 | t           | t        | t         | ******** |          |
>
> My understanding is that the "postgres" account both OS and DB do not have a password.
>
> On a *nix OS, postgres can only be su - from a privileged root account.  This way it can not be
> directly logged into.  This is supposed to be more secure, since you only have to worry about your
> root password being cracked.
>
> Regards,
>
> Richard Broersma Jr.
>
> ---------------------------(end of broadcast)---------------------------
> TIP 5: don't forget to increase your free space map settings