Thread: Problem in User Securities

Problem in User Securities

From
"shreedhar"
Date:
Hello All,

I am new to Postgres, While I was checking 'User Securities' in postgres I
got the following problem.

I created a user using 'createuser' command and gave superuser permissions.

but while accessing database, even if we have not given   '-W' password
option it is entering into database. So who knows Unix administrator
password can enter into any database if they know corresponding login name
and they work with the same permissions..

And also i observed that even we can enter into template1 with out giving
any username or password.

I doubt there will be a way to restrict this.

Can any body help me regarding this.

Thanks alot,

With best Regards
bhaskararaju



Re: Problem in User Securities

From
"Joel Burton"
Date:
The default security setup in PG is to allow all connections from localhost,
w/o password. This should be changed. You'll find this in your $PGDATA
directory, in the file pg_hba.conf.

- J.

Joel BURTON | joel@joelburton.com | joelburton.com | aim: wjoelburton
Knowledge Management & Technology Consultant

> -----Original Message-----
> From: pgsql-admin-owner@postgresql.org
> [mailto:pgsql-admin-owner@postgresql.org]On Behalf Of shreedhar
> Sent: Monday, May 20, 2002 5:33 AM
> To: PostgreSQL
> Subject: [ADMIN] Problem in User Securities
>
>
> Hello All,
>
> I am new to Postgres, While I was checking 'User Securities' in postgres I
> got the following problem.
>
> I created a user using 'createuser' command and gave superuser
> permissions.
>
> but while accessing database, even if we have not given   '-W' password
> option it is entering into database. So who knows Unix administrator
> password can enter into any database if they know corresponding login name
> and they work with the same permissions..
>
> And also i observed that even we can enter into template1 with out giving
> any username or password.
>
> I doubt there will be a way to restrict this.
>
> Can any body help me regarding this.
>
> Thanks alot,
>
> With best Regards
> bhaskararaju
>
>
>
> ---------------------------(end of broadcast)---------------------------
> TIP 1: subscribe and unsubscribe commands go to majordomo@postgresql.org
>