Re: db security; user identification - Mailing list pgsql-novice

From Bruno Wolff III
Subject Re: db security; user identification
Date
Msg-id 20040127135836.GA32757@wolff.to
Whole thread Raw
In response to Re: db security; user identification  (Marcin Gil <marcin.gil@audax.com.pl>)
List pgsql-novice
On Tue, Jan 27, 2004 at 14:21:27 +0100,
  Marcin Gil <marcin.gil@audax.com.pl> wrote:
> Martin Atukunda wrote:
>
> >- local all all trust
> >+ local all postgres trust
> >+ local all all md5
> >
> Ok. but if user does:
> psql -d template1 -U postgres?
>
> then he won't be asked about password but should.
> Everyone who can access psql, can get into db as postgres user.
> Not safe I suppose.

You definitely don't want:
local all postgres trust

You can probably use ident authentication (this doesn't work for local
connections for all os's) to allow root to connect as the user postgres.
If you do this, than anyone connecting as postgres will also need to
use ident authentication and be listed in the map along with root.
You might end up creating a second superuser account that uses md5
authentication.

pgsql-novice by date:

Previous
From: Martin Atukunda
Date:
Subject: Re: db security; user identification
Next
From:
Date:
Subject: Increase stored proc. parameters max count