Re: FW: [ppa-dev] Severe bug in debian - phppgadmin opens up databases for anyone!

Поиск
Список
Период
Сортировка
От Tom Lane
Тема Re: FW: [ppa-dev] Severe bug in debian - phppgadmin opens up databases for anyone!
Дата
Msg-id 796.1006921893@sss.pgh.pa.us
обсуждение исходный текст
Ответ на FW: [ppa-dev] Severe bug in debian - phppgadmin opens up databases for anyone!  ("Christopher Kings-Lynne" <chriskl@familyhealth.com.au>)
Ответы Re: FW: [ppa-dev] Severe bug in debian - phppgadmin opens  (Bruce Momjian <pgman@candle.pha.pa.us>)
Список pgsql-hackers
Дерево обсуждения 
"Christopher Kings-Lynne" <chriskl@familyhealth.com.au> writes:
> This came across the phpPgAdmin list, and I'm reposting it here in case it
> is actually true...?  If it is, is it a Postgres or a Debian package issue?

The default installation is indeed insecure with respect to other local
users; you don't want to use TRUST auth method on a multi-user box.  We
need to document that more prominently.  But the default install is not
insecure w.r.t. to outside connections, because it doesn't allow any.
In particular, this advice is horsepucky:

> Also, If you wish to block connections from the internet, add this also:
> host         all         0.0.0.0       0.0.0.0             reject

because that will happen anyway.
        regards, tom lane

В списке pgsql-hackers по дате отправления:

Предыдущее
От: Tom Lane
Дата:
Сообщение: Re: Possible bug in new VACUUM code
Следующее
От: Thomas Lockhart
Дата:
Сообщение: Call for platform testing