"Christopher Kings-Lynne" <chriskl@familyhealth.com.au> writes:
> This came across the phpPgAdmin list, and I'm reposting it here in case it
> is actually true...? If it is, is it a Postgres or a Debian package issue?

The default installation is indeed insecure with respect to other local
users; you don't want to use TRUST auth method on a multi-user box. We
need to document that more prominently. But the default install is not
insecure w.r.t. outside connections, because it doesn't allow any.

In particular, this advice is horsepucky:

> Also, If you wish to block connections from the internet, add this also:
> host all 0.0.0.0 0.0.0.0 reject

because that will happen anyway.

regards, tom lane
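
The two points in the reply above, as an added example that is not part of the original message: a small evaluator for pg_hba.conf records in the old five-field layout quoted in the thread. It assumes first-match-wins evaluation with denial when no record matches; the sample file, the address 203.0.113.5, the database name `mydb` and all function names are constructed for illustration, and the database column is simplified to `all` or an exact name.

```python
import ipaddress

# Constructed sample, old layout as quoted in the thread:
#   local DBNAME METHOD   |   host DBNAME IP_ADDRESS MASK METHOD
SAMPLE = """\
# TYPE  DBNAME  IP_ADDRESS  MASK             METHOD
local   all                                  trust
host    all     127.0.0.1   255.255.255.255  trust
"""
EXTRA = "host    all     0.0.0.0     0.0.0.0          reject\n"

def _ip(s):
    return int(ipaddress.IPv4Address(s))

def parse(text):
    """Return the records of a pg_hba.conf text, skipping comments and blanks."""
    records = []
    for lineno, line in enumerate(text.splitlines(), 1):
        f = line.split("#", 1)[0].split()
        if not f:
            continue
        if f[0] == "local" and len(f) == 3:
            rec = {"type": "local", "db": f[1], "method": f[2]}
        elif f[0] == "host" and len(f) == 5:
            rec = {"type": "host", "db": f[1], "ip": _ip(f[2]),
                   "mask": _ip(f[3]), "method": f[4]}
        else:
            raise ValueError(f"line {lineno}: unrecognised record")
        rec["line"] = lineno
        records.append(rec)
    return records

def decide(records, conn_type, db, addr=None):
    """Return (method, line) of the first matching record, else ("reject", None)."""
    for r in records:
        if r["type"] != conn_type or r["db"] not in ("all", db):
            continue
        if conn_type == "host" and _ip(addr) & r["mask"] != r["ip"] & r["mask"]:
            continue
        return r["method"], r["line"]
    return "reject", None  # nothing matched: the connection is refused anyway

def trust_records(records):
    """Line numbers of records that admit a matching client with no credentials."""
    return [r["line"] for r in records if r["method"] == "trust"]
```

With the sample file, a remote client is refused whether or not the explicit `reject` record is appended; only the line that produces the decision changes. The `trust` records are what an audit on a multi-user host should flag.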