Re: [HACKERS] Installation procedure wishes - Mailing list pgsql-hackers

From wieck@debis.com (Jan Wieck)
Subject Re: [HACKERS] Installation procedure wishes
Date
Msg-id m10utl0-0003kLC@orion.SAPserv.Hamburg.dsh.de
Whole thread Raw
In response to Re: [HACKERS] Installation procedure wishes  (Bruce Momjian <maillist@candle.pha.pa.us>)
Responses Re: [HACKERS] Installation procedure wishest
List pgsql-hackers
Bruce Momjian wrote:

>
> >     But if you have choosen the conservative way of beeing a site
> >     admin, noone will ever tell you if you forgot  to  DISABLE  a
> >     feature after a 50 hour restore marathon.
>
> Yes, the same reason postmaster -i flag is required to enable tcp/ip.

    That's  a detail I'm in doubt about. Our defaults for AF_UNIX
    sockets is trust (and AFAIK must  be  because  identd  cannot
    handle  them).  Thus  any  user who has a local shell account
    could easily become db user postgres.

    I think a default of host-localhost-ident-sameuser and giving
    superusers  the  builtin  right to become everyone would gain
    higher security.


Jan

--

#======================================================================#
# It's easier to get forgiveness for being wrong than for being right. #
# Let's break this rule - forgive me.                                  #
#========================================= wieck@debis.com (Jan Wieck) #

pgsql-hackers by date:

Previous
From: Dmitry Samersoff
Date:
Subject: Re: [HACKERS] Installation procedure wishes
Next
From: Zeugswetter Andreas IZ5
Date:
Subject: Re: [HACKERS] New TODO item