Thread: "trust" authentication in pg_hba.conf

"trust" authentication in pg_hba.conf

From

Chris Withers

Date:

25 November 2015, 00:33:53

Hi All,

What's the default contents of pg_hba.conf that postgres ships with?

I've been to it contains 'trust' for all local connections.
Is this wise? Anyone who can get a shell on your database server can
connect to any database as any user?

cheers,

Chris

Re: "trust" authentication in pg_hba.conf

From

John R Pierce

Date:

25 November 2015, 00:37:23

On 11/24/2015 1:33 PM, Chris Withers wrote:
>
> What's the default contents of pg_hba.conf that postgres ships with?
>
> I've been to it contains 'trust' for all local connections.
> Is this wise? Anyone who can get a shell on your database server can
> connect to any database as any user?

it varies with distributions, and it can be specified via the -A/--auth
argument to initdb.   most distributions I've seen use 'peer' for local
connections by default.

--
john r pierce, recycling bits in santa cruz

Re: "trust" authentication in pg_hba.conf

From

Stephen Frost

Date:

25 November 2015, 16:42:38

* Chris Withers (chris@simplistix.co.uk) wrote:
> What's the default contents of pg_hba.conf that postgres ships with?

The PG community provides both source code, which is expected to be used
by developers and is therefore wide open, and binary packages, which are
expected to be used by end users and therefore has sensible defaults for
authentication (mainly 'peer').

> I've been to it contains 'trust' for all local connections.
> Is this wise? Anyone who can get a shell on your database server can
> connect to any database as any user?

It is not wise to run with 'trust' in a non-development environment.

Thanks!

Stephen

Attachment

signature.asc