Re: db security; user identification
| От | Martin Atukunda |
|---|---|
| Тема | Re: db security; user identification |
| Дата | |
| Msg-id | 200401271654.14039.matlads@myrealbox.com обсуждение исходный текст |
| Ответ на | Re: db security; user identification (Marcin Gil <marcin.gil@audax.com.pl>) |
| Ответы |
Re: db security; user identification
|
| Список | pgsql-novice |
On Tuesday 27 January 2004 16:21, Marcin Gil wrote: > Martin Atukunda wrote: > > - local all all trust > > + local all postgres trust > > + local all all md5 > > Ok. but if user does: > psql -d template1 -U postgres? > > then he won't be asked about password but should. > Everyone who can access psql, can get into db as postgres user. > Not safe I suppose. Quite true. This is not a safe option, particularly if you don't trust local users. I suppose in this case you could maintain the following in pg_hba.conf: - local all all trust + local all all md5 and then have init the postmaster by using su. i.e. 235:respawn:/bin/su - postgres -c /usr/local/pgsql/bin/start.sh with start.sh having: #!/bin/sh DATADIR=/usr/local/pgsql/data OPTIONS="-i -N 256 -B 512" LOGFILE=/usr/local/pgsql/server.log postmaster -D $DATADIR $OPTIONS > $LOGFILE 2>&1 - Martin - -- "If we don't succeed, we run the risk of failure." --Bill Clinton, President
В списке pgsql-novice по дате отправления: