Re: Is "trust" really a good default? - Mailing list pgsql-hackers

From Christopher Kings-Lynne
Subject Re: Is "trust" really a good default?
Date
Msg-id 40F33EB3.2010208@familyhealth.com.au
Whole thread Raw
In response to Re: Is "trust" really a good default?  (Tom Lane <tgl@sss.pgh.pa.us>)
List pgsql-hackers
> No, but none of the others are better.  See previous discussions in the
> archives.  I don't think the situation has changed any since the last
> time we hashed this out.

I'll chime in from the phpPgAdmin point of view.  The thing with 
phpPgAdmin is that it breaks the 'localhost' access is safe rule that 
the existing trust stuff assumes.  This is because the most common setup 
is Apache and PostgreSQL on the same machine.

The situation got SO BAD with being able to just Google for 'phpPgAdmin 
Login' and then just log straight in as 'pgsql' and no password that 
since version 3.2 or so we have had "extra login security".  That means 
that by default in phpPgAdmin we disallow any login as the 'pgsql', 
'postgres', 'root', or 'administrator' users, and you cannot log into 
any account without a password.

This has fixed the problem greatly, however we get heaps of people who 
cannot understand why they cannot log in.  Those are the people we save 
from themselves.

I think that pg_hba.conf should have md5 on all by default, and the -W 
initdb parameter should be required.

Chris


pgsql-hackers by date:

Previous
From: Christopher Kings-Lynne
Date:
Subject: Anoncvs down?
Next
From: Christopher Kings-Lynne
Date:
Subject: Re: Is "trust" really a good default?