Re: PostgreSQL security concerns - Mailing list pgsql-general

Francesco Casadei <f_casadei@libero.it> writes:
> # TYPE       DATABASE    IP_ADDRESS    MASK               AUTHTYPE  MAP
> local        template0                                    trust
> local        template1                                    trust
> local        funland                                      password  funland.pwd

If you're going to make template1 accessible via "trust" then you should
expect rather severe lack of security.  Better put passwords on it too.

In a security-conscious setup, I don't see any good reason for anyone
but the DBA to be allowed to connect to template1.

BTW, there's no need to allow anyone to connect to template0 at all.

            regards, tom lane