Hi,
I'm developing an appliance that runs postgresql and will be provided to many people.
I am wondering on the best way of protecting the database user account.
At the moment the account has no password on it, to me this means that the only people who can connect are the application (PHP running on the box), or someone logged in as root at the linux command line of the appliance (which means they have permission to anything anyway).
In this scenario is it worth putting a password on the user account? The password would need to be stored in a file on the box anyway (so the root user could get to it quite easily)?
I'm wondering if there are any best practices for this, as I've seen many appliances that don't bother with a password, and only a few that do use a password.
Opinions very welcome.
thanks,
niall