Password recommendations for an appliance - Mailing list pgsql-admin

From niall el-assaad
Subject Password recommendations for an appliance
Date
Msg-id b594cade0807110239m2fd09f6an229b07f22c75ecb1@mail.gmail.com
Whole thread Raw
List pgsql-admin
Hi,

I'm developing an appliance that runs postgresql and will be provided to many people.

I am wondering on the best way of protecting the database user account.

At the moment the account has no password on it, to me this means that the only people who can connect are the application (PHP running on the box), or someone logged in as root at the linux command line of the appliance (which means they have permission to anything anyway).

In this scenario is it worth putting a password on the user account? The password would need to be stored in a file on the box anyway (so the root user could get to it quite easily)?

I'm wondering if there are any best practices for this, as I've seen many appliances that don't bother with a password, and only a few that do use a password.

Opinions very welcome.

thanks,

niall

pgsql-admin by date:

Previous
From: "Mikel Lindsaar"
Date:
Subject: Re: Importing data - possible UTF8 import bug?
Next
From: Dev
Date:
Subject: Access rule listing from the whole database cluster