Home > mailing lists

Re: FW: [ppa-dev] Severe bug in debian - phppgadmin opens up databases for anyone! - Mailing list pgsql-hackers

From	Tom Lane
Subject	Re: FW: [ppa-dev] Severe bug in debian - phppgadmin opens up databases for anyone!
Date	November 28, 2001 02:33:59
Msg-id	796.1006921893@sss.pgh.pa.us Whole thread Raw
In response to	FW: [ppa-dev] Severe bug in debian - phppgadmin opens up databases for anyone! ("Christopher Kings-Lynne" <chriskl@familyhealth.com.au>)
Responses	Re: FW: [ppa-dev] Severe bug in debian - phppgadmin opens
List	pgsql-hackers

Tree view

"Christopher Kings-Lynne" <chriskl@familyhealth.com.au> writes:
> This came across the phpPgAdmin list, and I'm reposting it here in case it
> is actually true...?  If it is, is it a Postgres or a Debian package issue?

The default installation is indeed insecure with respect to other local
users; you don't want to use TRUST auth method on a multi-user box.  We
need to document that more prominently.  But the default install is not
insecure w.r.t. to outside connections, because it doesn't allow any.
In particular, this advice is horsepucky:

> Also, If you wish to block connections from the internet, add this also:
> host         all         0.0.0.0       0.0.0.0             reject

because that will happen anyway.
        regards, tom lane

pgsql-hackers by date:

From: Tom Lane
Date: 28 November 2001, 02:33:58
Subject: Re: Possible bug in new VACUUM code

From: Thomas Lockhart
Date: 28 November 2001, 03:02:22
Subject: Call for platform testing

Re: FW: [ppa-dev] Severe bug in debian - phppgadmin opens up databases for anyone! - Mailing list pgsql-hackers

Previous

Next