On 08/11/2016 10:04 AM, support-tiger wrote:
> We have always been impressed with the Postgres project and team. The
> whole hybrid SQL / JSONB functionality rocks. The scalability rocks.
> The speed and stability rock. At the command line, Postgres rocks. But
> in applications we have had some real, and not improving pain points:
>
> #1) pg_hba conf
> Out of the box the md5 setting blocks access. Most "advice" say change
> to "all all trust" and indeed that works. But that seems a big security
> issue. Specifying a postgres role, password, and peer does not seem to
> work. And this approach is problematic if there are many roles or even
> dynamically created roles.
Well pg_hba.conf is a combination of auth methods and client connection
source, so you will need to be more specific about the issues you are
having. Also remember first match wins, therefore if you have a
restrictive match above more permissive matches it will hide them.
>
> Or is pb_hba conf set up for web sockets and we should be using sockets?
>
> For general use, it seems we should not have to modify this file - it
> should "just work" with good security.
>
--
Adrian Klaver
adrian.klaver@aklaver.com