jqpx37@iprive.com ("jqpx37") writes:
> Is there any security risk in the postgresql superuser having a
> password?
>
> I installed a Linux distro recently and had it install Postgresql.
> It automatically set up the postgres account; the account was set up
> with no password.
>
> I could of course create a password, but it's not clear to me that's
> a good thing from a security standpoint.
That depends on your security policies.
There's a pretty good argument to be made that a 'postgres' account
should only permit people in via "su -", in which case it might not
need to have an individual password...
--
(format nil "~S@~S" "cbbrowne" "cbbrowne.com")
http://www3.sympatico.ca/cbbrowne/oses.html
"If you give someone Fortran, he has Fortran.
If you give someone Lisp, he has any language he pleases."
-- Guy L. Steele Jr.