Thread: Basic security

Basic security

From: PG Doc comments form
The following documentation comment has been logged on the website:

Page: https://www.postgresql.org/docs/8.3/static/auth-pg-hba-conf.html
Description:

My pg_hba.conf file gives 'cert' as an authentication method. This is not
mentioned on this page.

I think a basic pg_hba.conf to allow remote access, require ssl, and to
prevent access to the postgres table would be a useful addition.
The more I see about this powerful environment the more nervous I get about
exploits based on aspects of its multitude of features of which I am
completely unaware - what about PUBLIC for example?
A basic security guide to disable dangerous defaults would be very welcome.

Re: Basic security

From: Pantelis Theodosiou

Your link is for an old version of Postgres (8.3). Current version is 10. You can find the link for the relative page easily, it's on the top of the page, if you use a different version than 10 (I hope you are not still at 8.3!)

https://www.postgresql.org/docs/current/static/auth-pg-hba-conf.html

On Sat, Feb 24, 2018 at 3:59 PM, PG Doc comments form <noreply@postgresql.org> wrote:
The following documentation comment has been logged on the website:

Page: https://www.postgresql.org/docs/8.3/static/auth-pg-hba-conf.html
Description:

My pg_hba.conf file gives 'cert' as an authentication method. This is not
mentioned on this page.

I think a basic pg_hba.conf to allow remote access, require ssl, and to
prevent access to the postgres table would be a useful addition.
The more I see about this powerful environment the more nervous I get about
exploits based on aspects of its multitude of features of which I am
completely unaware - what about PUBLIC for example?
A basic security guide to disable dangerous defaults would be very welcome.