-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 08/18/07 21:10, Phoenix Kiula wrote:
> On 18/08/07, Ron Johnson <ron.l.johnson@cox.net> wrote:
>>
>> On 08/18/07 06:02, Phoenix Kiula wrote:
>> [snip]
>>> Thanks for this. I am logged in as root. Put it there and it works. I
>> Well, that's your first problem.
>>
>> And second. And third.
>
>
>
> Thanks for the kick in the derierre. Have set it all up to operate as
> user postgres. Or is that insecure too?
Whenever thinking about security, the question to ask yourself is:
am I doing anything which would make it easier for a Bad Guy to gain
access to my data or systems. Then, do the opposite.
Examples:
Using a powerful account for mundane activities? Use a mundane
account instead. (As Joshua pointed out, "postgres" is a powerful
account.)
Sending important data over the wire (or worse, wireless) in clear
text? Encrypt it.
Vulnerable to SQL injection attacks by sending fully formed SQL
statements across the wire? Use prepared statements instead.
- --
Ron Johnson, Jr.
Jefferson LA USA
Give a man a fish, and he eats for a day.
Hit him with a fish, and he goes away for good!
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFGx6zsS9HxQb37XmcRAndxAJ0YJ1mGQ1+erBsDuq3/iCN3q6ZcsgCgsVpd
F0/q8sPWoWs4qgFhbP65NyM=
=syP0
-----END PGP SIGNATURE-----