Re: superuser authentication? - Mailing list pgsql-general

From woger151
Subject Re: superuser authentication?
Date
Msg-id 008301c72f8c$d18b9060$6501a8c0@apollosjf
Whole thread Raw
In response to superuser authentication?  ("woger151" <woger151@jqpx37.cotse.net>)
List pgsql-general
----- Original Message -----
From: "Tom Lane" <tgl@sss.pgh.pa.us>
To: "woger151" <woger151@jqpx37.cotse.net>
Cc: <pgsql-general@postgresql.org>
Sent: Wednesday, January 03, 2007 9:52 AM
Subject: Re: [GENERAL] superuser authentication?


> "woger151" <woger151@jqpx37.cotse.net> writes:
>> What I'm not sure about is how to authenticate the postgresql superuser
>> (user 'postgres' on my system).  I'm considering:
>
>> 1.  Using ident (supposedly secure because of the SO_PEERCRED mechanism;
>> and
>> I've made a lot of effort to secure the server at the OS level)
>> 2.  Using password (_not_ stored on disk in e.g. pgpass)
>> 3.  Using reject
>
> How are you going to do backups?

Hadn't thought about that yet, though I know that periodic backups are
mandatory.

Easy to switch the authentication method back to something like password or
ident if one is doing things manually anyway, but it _would_ make it hard to
script things.

I'll have to think more about that...

>
> regards, tom lane


pgsql-general by date:

Previous
From: Juan Martínez
Date:
Subject: Re: [pgsql-es-ayuda] Update to 8.2 in openSUSE 10.2
Next
From: Adrian Klaver
Date:
Subject: Re: Generic timestamp function for updates where field