Re: Authenticating user `postgres' - Mailing list pgsql-general

From Tom Lane
Subject Re: Authenticating user `postgres'
Msg-id 12232.1001683307@sss.pgh.pa.us
In response to Re: Authenticating user `postgres'  (Arcady Genkin <a.genkin@utoronto.ca>)
Responses Re: Authenticating user `postgres'
List pgsql-general
Arcady Genkin <a.genkin@utoronto.ca> writes:
> Tom Lane <tgl@sss.pgh.pa.us> writes:
>> Offhand I'd think it foolish to make it easier to get into the
>> superuser account than regular accounts anyway.

> Not so much if the database only listens on unix domain socket, which
> has tight permissions, and a UNIX user has to identify himself with a
> valid password anyways.

So?  If you can trust local connections from the user who is superuser
to be correctly authenticated, then you can also trust local connections
from the users who are non-superusers.  I really completely fail to see
the point of requiring a password to connect to non-critical accounts
while having no password (*LESS* security) for the critical superuser
account.

            regards, tom lane
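
The configuration pattern argued against above can be checked mechanically. The following is an added example, not part of the original message or of PostgreSQL: it assumes the current pg_hba.conf column layout (TYPE DATABASE USER METHOD) and first-match rule order, neither of which the thread shows, and the role `app_user`, the database `appdb` and both sample files are constructed for illustration. Group (`+name`) and file (`@name`) entries are not handled.

```python
# Added example (not from the thread): compare the auth method the first matching
# `local` rule gives the superuser with the one it gives an ordinary role.
NO_CREDENTIAL = {"trust"}  # methods that accept the connection without any check

SAMPLE_HBA = """\
# constructed sample, assumed column layout: TYPE DATABASE USER METHOD
local   all   postgres   trust
local   all   all        scram-sha-256
"""

FIXED_HBA = """\
# constructed sample: superuser held to the same rule as everyone else
local   all   all        scram-sha-256
"""

def local_rules(text):
    """Yield (databases, users, method) for each `local` record, in file order."""
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()  # drop comments, split on whitespace
        if len(fields) >= 4 and fields[0] == "local":
            yield fields[1].split(","), fields[2].split(","), fields[3]

def method_for(text, role, database):
    """Return the method of the first matching rule (pg_hba.conf is first-match)."""
    for dbs, users, method in local_rules(text):
        db_ok = "all" in dbs or database in dbs or ("sameuser" in dbs and database == role)
        user_ok = "all" in users or role in users
        if db_ok and user_ok:
            return method
    return "reject"  # no matching record: the server refuses the connection

def superuser_is_weaker(text, superuser="postgres", regular="app_user", database="appdb"):
    """True when the superuser gets in without a credential but a regular role does not."""
    su = method_for(text, superuser, database)
    reg = method_for(text, regular, database)  # app_user/appdb are hypothetical names
    return su in NO_CREDENTIAL and reg not in NO_CREDENTIAL and reg != "reject"

if __name__ == "__main__":
    for name, text in (("sample", SAMPLE_HBA), ("fixed", FIXED_HBA)):
        print(name, "superuser weaker than regular roles:", superuser_is_weaker(text))
```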
