Re: confirming security. - Mailing list pgsql-general

Good tip!  Thank you.



-----Original Message-----
From: pgsql-general-owner@postgresql.org [mailto:pgsql-general-owner@postgr=
esql.org] On Behalf Of John R Pierce
Sent: Friday, February 22, 2013 2:35 PM
To: pgsql-general@postgresql.org
Subject: Re: [GENERAL] confirming security.

On 2/22/2013 8:13 AM, Maz Mohammadi wrote:
> Ahhh yes....it is now...
>
> =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
> # TYPE  DATABASE        USER            ADDRESS                 METHOD
> # "local" is for Unix domain socket connections only
> #local   all             all                                     trust
> # IPv4 local connections:
> #host    all             all             127.0.0.1/32            trust
> # IPv6 local connections:
> #host    all             all             ::1/128                 trust
> # Allow replication connections from localhost, by a user with the #=20
> replication privilege.
> #local   replication     postgres-xc                                trust
> #host    replication     postgres-xc        127.0.0.1/32            trust
> #host    replication     postgres-xc        ::1/128                 trust
> hostssl all             all             127.0.0.1/32            cert

I would leave a local line in front of that like..

local   all postgres peer

this will allow the postgres user to log on regardless when using unix sock=
ets rather than tcp/ip (eg, when not specifying any -h hostname). =20
handy for database administration and fixing problems.



--=20
john r pierce                                      37N 122W
somewhere on the middle of the left coast



--=20
Sent via pgsql-general mailing list (pgsql-general@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-general