Re: superuser authentication?
| От | Richard Huxton |
|---|---|
| Тема | Re: superuser authentication? |
| Дата | |
| Msg-id | 459BCCBA.5060403@archonet.com обсуждение исходный текст |
| Ответ на | Re: superuser authentication? (Bill Moran <wmoran@collaborativefusion.com>) |
| Список | pgsql-general |
Bill Moran wrote: > > Personally, I'd set auth to password, then keep the password in a file in > root's home directory and set it readable by root only. If an attacker can > read that file, he already doesn't need to. > > This does mean that you'll have to carefully secure the script you use to > make backups, since they'll need to have the password in them. But you'll > need to carefully secure your backups anyway or all the other security is > rather pointless. I'd run it as a non-root backup-specific user. That way if someone compromises the backup process they're limited in the amount of damage they can do (since the user will only have write access to a few directories). Also makes auditing easier if you're that way inclined. -- Richard Huxton Archonet Ltd
В списке pgsql-general по дате отправления: