Re: Questions from a Newbie
| От | Shane Ambler |
|---|---|
| Тема | Re: Questions from a Newbie |
| Дата | |
| Msg-id | 45DB2F95.1010107@Sheeky.Biz обсуждение исходный текст |
| Ответ на | Questions from a Newbie (John Gardner <john.gardner@tagish.co.uk>) |
| Список | pgsql-novice |
John Gardner wrote: > Hi everyone! > > I really am a newbie to Postgres, and I have few questions... mainly > security orientated, which I'm hoping I can get a definitive answer on. > > 1) listen_addresses in postgresql.sql - The documentation states that; > > "...The value takes the form of a comma-separated list of host names > and/or numeric IP addresses. The special entry * corresponds to all > available IP interfaces. If the list is empty, the server does not > listen on any IP interface at all, in which case only Unix-domain > sockets can be used to connect to it. The default value is localhost, > which allows only local "loopback" connections to be made. This > parameter can only be set at server start." > > I'd like to be able to allow all users on a particular subnet to connect > to the server using PGAdminIII and originally set the variable to: > > listen_addresses = 'localhost, 192.168.1.*' Listen address is the ip address of the server. Entering * means it will listen on any and all ip addresses assigned to all network interfaces on the server. Unless you have multiple network cards then * or localhost will be fine, otherwise you want the ip address of the machine running postgresql eg. 192.168.1.250 The security setting you are interested in is located in the pg_hba.conf file - this file determines who is allowed to connect to postgresql and from what machines. You will most likely want a line like - host all all 192.168.1.0/24 md5 The file itself contains enough info or you can read it in the docs. > This didn't allow the server to start, so I assume this is incorrect. > Is there any way that this can be done? > > 2) How do you set the default 'postgres' Login Role to have a password? > I did what I thought was the correct way in PgAdmin to assign it a > password, and resultant code in the SQL pane does seem like it has an > MD5 password assigned to it, but our security scanning software still > assures me that, "Your PostgreSQL database is not password protected. > We could log in as the user 'postgres'." > You may have an entry in pg_hba.conf that allows non-password logins. From the above example I gave the md5 at the end means the client can use md5 password encryption to login - if this is set to trust then a password is not required. This may be on the line with 127.0.0.1 -- Shane Ambler pgSQL@Sheeky.Biz Get Sheeky @ http://Sheeky.Biz
В списке pgsql-novice по дате отправления: