Bruce Momjian wrote:
>
> > But if you have chosen the conservative way of being a site
> > admin, no one will ever tell you if you forgot to DISABLE a
> > feature after a 50 hour restore marathon.
>
> Yes, the same reason postmaster -i flag is required to enable tcp/ip.

That's a detail I'm in doubt about. Our default for AF_UNIX
sockets is trust (and AFAIK must be because identd cannot
handle them). Thus any user who has a local shell account
could easily become db user postgres.

I think a default of host-localhost-ident-sameuser and giving
superusers the built-in right to become everyone would gain
higher security.

Jan

--
#======================================================================#
# It's easier to get forgiveness for being wrong than for being right. #
# Let's break this rule - forgive me.                                  #
#========================================= wieck@debis.com (Jan Wieck) #