Обсуждение: user authentication

Поиск
Список
Период
Сортировка

user authentication

От
u_andy@pisem.net
Дата:
Hi,
I do not understand something in PostgreSQL Security and I hope
someone will help me.
I've installed PostgreSQL 7.1.3 on FreeBSD 4.7
I made a paswword for user postgres but when I just do the following
command:
# psql -U postgres dbname
PostgreSQL do not even ask me for password.
The same thing happens when I try to connect to database via network.
So anyone who wants can make everything with my database!
May be there are some configuration files that I should change?
But why by default PostgreSQL is such unsafe?

Thanks.
--
Best regards,
 Andrei Malashevich                          mailto:andy@chg.ru


Re: user authentication

От
Stephan Szabo
Дата:
On Fri, 11 Apr 2003 u_andy@pisem.net wrote:

> Hi,
> I do not understand something in PostgreSQL Security and I hope
> someone will help me.
> I've installed PostgreSQL 7.1.3 on FreeBSD 4.7
> I made a paswword for user postgres but when I just do the following
> command:
> # psql -U postgres dbname
> PostgreSQL do not even ask me for password.
> The same thing happens when I try to connect to database via network.
> So anyone who wants can make everything with my database!
> May be there are some configuration files that I should change?

You need to look at pg_hba.conf in your data directory.  I'd thought that
the default configuration only allowed connections from localhost and
unix domain although 7.1 is old enough I may be misremembering.  And you
almost certainly want to be using 7.3 rather than 7.1.