Re: Security note: MS SQL is current worm vector
| От | Bruce Momjian |
|---|---|
| Тема | Re: Security note: MS SQL is current worm vector |
| Дата | |
| Msg-id | 200112052050.fB5KoSQ08405@candle.pha.pa.us обсуждение исходный текст |
| Ответ на | Re: Security note: MS SQL is current worm vector (Ian Barwick <barwick@akademie.de>) |
| Список | pgsql-hackers |
> On Sunday 25 November 2001 18:13, Tom Lane wrote: > > Lincoln Yeoh <lyeoh@pop.jaring.my> writes: > > > Yeah, by default Postgresql ships practically without any access > > > controls. > > > (...) > > I do wonder whether we shouldn't list "think about your access controls" > > as an explicit step in the installation instructions or server startup > > instructions. The default configuration is definitely uncool on > > multiuser machines, but a novice might not find that out till too late. > > It might be worth explicitly mentioning the following: > > 1) use initdb with the -W option, so that a superuser password > is set during db initialisation and before the server is started; I have added documentation for the -W flag. You can see it at: http://216.55.132.35/main/writings/pgsql/sgml/creating-cluster.html > 2) before starting the server change the appropriate settings > in pg_hba.conf from 'trusted' to 'password' (or whatever other > authentication system is to be used). Also mentioned. -- Bruce Momjian | http://candle.pha.pa.us pgman@candle.pha.pa.us | (610) 853-3000+ If your life is a hard drive, | 830 Blythe Avenue + Christ can be your backup. | Drexel Hill, Pennsylvania19026
В списке pgsql-hackers по дате отправления: