Re: FW: [ppa-dev] Severe bug in debian - phppgadmin opens

> "Christopher Kings-Lynne" <chriskl@familyhealth.com.au> writes:
> > This came across the phpPgAdmin list, and I'm reposting it here in case it
> > is actually true...?  If it is, is it a Postgres or a Debian package issue?
> 
> The default installation is indeed insecure with respect to other local
> users; you don't want to use TRUST auth method on a multi-user box.  We
> need to document that more prominently.  But the default install is not
> insecure w.r.t. to outside connections, because it doesn't allow any.
> In particular, this advice is horsepucky:

Let me tell you what bothers me about our default install.  If some
software installed all its data files in a world-writable directory, we
would consider it a security hole.  But because we are Internet-enabled,
and because our insecurity is only local, it seems OK to people.

I am not sure about a solution, but I am shocked we haven't been beaten
up about this more often.

--  Bruce Momjian                        |  http://candle.pha.pa.us pgman@candle.pha.pa.us               |  (610)
853-3000+  If your life is a hard drive,     |  830 Blythe Avenue +  Christ can be your backup.        |  Drexel Hill,
Pennsylvania19026