Home > mailing lists

Re: Disable TRUST authentication mode - Mailing list pgsql-admin

From	Jan Lentfer
Subject	Re: Disable TRUST authentication mode
Date	March 10, 2012 14:31:06
Msg-id	4F5B730E.4020402@web.de Whole thread Raw
In response to	Re: Disable TRUST authentication mode (c k <shreeseva.learning@gmail.com>)
Responses	Re: Disable TRUST authentication mode (Tom Lane <tgl@sss.pgh.pa.us>) Re: Disable TRUST authentication mode (c k <shreeseva.learning@gmail.com>)
List	pgsql-admin

Tree view

Am 10.03.2012 16:21, schrieb c k:
> It we can disable the TRUST mode then every user have to login with
> password and every fraud user have to know the password (at least) of
> the user. It is not the case that users from other departments share
> their passwords, but fraud users just bypasses the need to know the
> password.

If they can alter pg_hba.conf they can almost certainly also change/add
users, alter passwords, etc, etc... So from a security perspective it
doesn't buy you much.

I don't know if you could build a custom postgresql from sources with
trust disabled. But it wouldn't be worth the trouble imo.

Jan

pgsql-admin by date:

From: Frank Lanitz
Date: 10 March 2012, 14:27:17
Subject: Re: Disable TRUST authentication mode

From: Tom Lane
Date: 10 March 2012, 15:20:46
Subject: Re: Disable TRUST authentication mode

Re: Disable TRUST authentication mode - Mailing list pgsql-admin

Previous

Next