> From: Thom Brown <thombrown@gmail.com>
> Subject: [GENERAL] Too easy to log in as the "postgres" user?
> To: "PGSQL Mailing List" <pgsql-general@postgresql.org>
> Date: Thursday, 15 October, 2009, 11:38 AM
> I've noticed that if I just log in to
> my server, I don't su to root,
> or become the postgres user, I can get straight into the
> database as
> the postgres user merely with "psql -U postgres -h
> localhost". My
> user account isn't a member of the postgres group.
>
> It appears I've not applied my security settings
> correctly. What can
> I do to prevent access this way? I'd still want to be
> able to su to
> the postgres user and log in that way, but not with the -U
> parameter
> allowing access.
You just need to change the local connections to any authentication method other than trust.
http://www.postgresql.org/docs/8.3/interactive/auth-pg-hba-conf.html
Glyn