Thread: Problem: Security loose

Problem: Security loose

From
"Ravil Aitov"
Date:
Any user can connect to server (postgresql-7.1) as "postgres" using Perl
interface:
----
use Pg;
$conn = Pg::connectdb("dbname=mydb user=postgres");
(and make there anything!)
----
How it can be eliminated?

Ravil D. Aitov



Re: Problem: Security loose

From
Tom Lane
Date:
"Ravil Aitov" <ravil@pi8plus.ru> writes:
> Any user can connect to server (postgresql-7.1) as "postgres" using Perl
> interface:

Don't use "trust" authentication mode in pg_hba.conf if you don't trust
your users.
        regards, tom lane