Hi All,

What's the default contents of pg_hba.conf that postgres ships with?

I've been told it contains 'trust' for all local connections.
Is this wise? Anyone who can get a shell on your database server can
connect to any database as any user?

cheers,

Chris

On 11/24/2015 1:33 PM, Chris Withers wrote:
>
> What's the default contents of pg_hba.conf that postgres ships with?
>
> I've been told it contains 'trust' for all local connections.
> Is this wise? Anyone who can get a shell on your database server can
> connect to any database as any user?

it varies with distributions, and it can be specified via the -A/--auth argument to initdb. most distributions I've seen use 'peer' for local connections by default.

--
john r pierce, recycling bits in santa cruz

* Chris Withers (chris@simplistix.co.uk) wrote:
> What's the default contents of pg_hba.conf that postgres ships with?

The PG community provides both source code, which is expected to be used by developers and is therefore wide open, and binary packages, which are expected to be used by end users and therefore have sensible defaults for authentication (mainly 'peer').

> I've been told it contains 'trust' for all local connections.
> Is this wise? Anyone who can get a shell on your database server can
> connect to any database as any user?

It is not wise to run with 'trust' in a non-development environment.

Thanks!

Stephen
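
An added example, not part of the thread and not PostgreSQL project code: a small audit script that parses pg_hba.conf text and reports every rule whose method is 'trust', the setting discussed above. The sample file contents and the function names are constructed for illustration; include directives are not followed.

```python
import ipaddress
import shlex

HOST_TYPES = {"host", "hostssl", "hostnossl", "hostgssenc", "hostnogssenc"}

# Constructed sample input, not taken from the thread or from any real server.
SAMPLE = """\
# TYPE  DATABASE     USER  ADDRESS             METHOD
local   all          all                       trust
host    all          all   127.0.0.1/32        trust
host    all          all   ::1/128             trust
local   replication  all                       peer
host    all          all   10.0.0.0 255.0.0.0  scram-sha-256
"""

def parse_hba(text):
    """Yield (lineno, type, database, user, address, method) for each rule."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        # shlex drops '#' comments and honours double-quoted names.
        fields = shlex.split(raw, comments=True)
        if not fields:
            continue
        ctype = fields[0]
        if ctype == "local" and len(fields) >= 4:
            # local rules have no address column
            yield lineno, ctype, fields[1], fields[2], None, fields[3]
        elif ctype in HOST_TYPES and len(fields) >= 5:
            address, idx = fields[3], 4
            try:
                # "IP-address IP-mask" form: the mask is a separate field
                ipaddress.ip_address(fields[4])
                address, idx = f"{fields[3]} {fields[4]}", 5
            except ValueError:
                pass  # CIDR, hostname or keyword form: method follows directly
            if len(fields) > idx:
                yield lineno, ctype, fields[1], fields[2], address, fields[idx]

def find_trust(text):
    """Return the rules that let a client in without any authentication."""
    return [rule for rule in parse_hba(text) if rule[5] == "trust"]

if __name__ == "__main__":
    for lineno, ctype, db, user, addr, _ in find_trust(SAMPLE):
        print(f"line {lineno}: {ctype} db={db} user={user} addr={addr} uses trust")
```

To check a real server, pass the contents of the file reported by `SHOW hba_file;` to `find_trust` instead of `SAMPLE`.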