"Albe Laurenz" <laurenz.albe@wien.gv.at> writes:
> Here is my personal security checklist for PostgreSQL:
> - Check that there is no SQL function with SECURITY DEFINER.
Uh, that seems a pretty strange restriction. Generally, if you are
actually concerned about security at the SQL-command level, you're
going to have to have some SECURITY DEFINER functions. You can't
build a Unix system without suid programs, either.
> - Check that pg_hba.conf forbids remote connections to use "password", "crypt" or "ident" authentication.
Most people think that remote "ident" is not very secure.
regards, tom lane