Home > mailing lists

Re: Security question : Database access control - Mailing list pgsql-admin

From	Stephan Szabo
Subject	Re: Security question : Database access control
Date	October 22, 2002 14:28:10
Msg-id	20021022081942.K87361-100000@megazone23.bigpanda.com Whole thread Raw
In response to	Re: Security question : Database access control ("Igor Georgiev" <gory@alphasoft-bg.com>)
List	pgsql-admin

Tree view

On Tue, 22 Oct 2002, Igor Georgiev wrote:

> > >     edit *pg_hba.conf *
> > >         # Allow any user on the local system to connect to any
> > >         # database under any username, but only via an IP connection:
> > >         host         all         127.0.0.1     255.255.255.255    trust
> > >         # The same, over Unix-socket connections:
> > >         local        all                                          trust
> > what about reading pg_hba.conf comments?
> >            local    all                                              md5
> >
>
> Ok, but  my question actually isn't about pg_hba.conf comments, i read enough
> but what will stop root from adding this lines or doing su - postgres ??

Not much really.  But given that they have access to the raw data
files, preventing them access to the server doesn't gain you that
much if they really want to get the data.

pgsql-admin by date:

From: "Igor Georgiev"
Date: 22 October 2002, 14:19:48
Subject: Re: Quickie about Database locations

From: "Igor Georgiev"
Date: 22 October 2002, 14:35:11
Subject: Re: Security question : Database access control

Re: Security question : Database access control - Mailing list pgsql-admin

Previous

Next