Thread: basic security

basic security

From
Robert Hollingsworth
Date:
hello,
I want to establish basic security for my pgsql database, which is on a commercial web server.  In particular, I don't want people to be able to login from the internet as my superuser.

If I ALTER USER my_superuser NOLOGIN, will that be sufficient?  I've passworded that user, but I seem to be able to get access myself without providing the password.

thanks,
REH

Re: basic security

From
Tim Bowden
Date:
See pg_hba.conf.

http://www.postgresql.org/docs/8.3/interactive/auth-pg-hba-conf.html

Regards,
Tim Bowden

On Wed, 2008-11-05 at 09:34 -0800, Robert Hollingsworth wrote:
> hello,
> I want to establish basic security for my pgsql database, which is on
> a commercial web server.  In particular, I don't want people to be
> able to login from the internet as my superuser.
>
> If I ALTER USER my_superuser NOLOGIN, will that be sufficient?  I've
> passworded that user, but I seem to be able to get access myself
> without providing the password.
>
> thanks,
> REH
>
--
Experience is that marvelous thing that enables you recognize a mistake
when you make it again.