Trying to secure PostgreSQL
Andrew L. Gould
algould at datawok.com
Fri Sep 12 16:28:58 PDT 2003

On Friday 12 September 2003 05:13 pm, Kirk Strauser wrote:
> At 2003-09-12T21:39:14Z, "Andrew L. Gould" <algould at datawok.com> writes:
> > You're looking for something difficult when the easier answer is correct.
> >
> > As root, set pgsql's password by executing:
> >
> > passwd pgsql
>
> What would that buy me? After doing that, I can still access any database
> on the system with:
>
> kirk at kanga:~$ psql -U pgsql template1
> Welcome to psql 7.3.4, the PostgreSQL interactive terminal.
>
> without being prompted for a password. I don't want users, even local
> users, to have full run of the database as the user of their choice.

In your situation, I would give pgsql a password, regardless. Then read the
documentation that comes in pg_hba.conf and at:
http://www.postgresql.org/docs/7.3/static/client-authentication.html#AUTH-PG-HBA-CONF
You might be interested in 'ident same' or some other combination of options.

Andrew Gould
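
Connecting as any database user without a password prompt, as in the quoted psql session, is the behaviour of the `trust` method in pg_hba.conf. The following is an added example, not part of the original message: a small auditor that lists every `trust` rule in a pg_hba.conf, assuming the 7.3 column layout (TYPE DATABASE USER [IP-ADDRESS IP-MASK] METHOD); the sample file and the function names are constructed for illustration.

```python
# Added example: list pg_hba.conf rules whose method is "trust".
# SAMPLE_HBA is constructed for illustration; it is not the poster's file.
SAMPLE_HBA = """\
# TYPE  DATABASE  USER  IP-ADDRESS   IP-MASK          METHOD
local   all       all                                 trust
host    all       all   127.0.0.1    255.255.255.255  trust
host    all       all   192.168.1.0  255.255.255.0    md5
local   sales     all                                 ident sameuser
"""


def parse_hba(text):
    """Yield (lineno, type, database, user, address, method) for each rule."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        # Simplification: treats every '#' as a comment start (no quoted names).
        fields = raw.split("#", 1)[0].split()
        if not fields:
            continue  # blank line or comment
        if fields[0] == "local":
            addr_cols = 0  # Unix-socket rules carry no address
        elif fields[0].startswith("host"):
            # Address is one CIDR column or two columns (IP-ADDRESS IP-MASK).
            addr_cols = 1 if len(fields) > 3 and "/" in fields[3] else 2
        else:
            raise ValueError(f"line {lineno}: unknown record type {fields[0]!r}")
        if len(fields) < 4 + addr_cols:
            raise ValueError(f"line {lineno}: too few fields")
        address = " ".join(fields[3:3 + addr_cols]) or None
        yield (lineno, fields[0], fields[1], fields[2], address,
               fields[3 + addr_cols])


def find_trust_rules(text):
    """Return (lineno, type, database, user, address) for every trust rule."""
    return [rule[:5] for rule in parse_hba(text) if rule[5] == "trust"]


if __name__ == "__main__":
    for lineno, kind, db, user, address in find_trust_rules(SAMPLE_HBA):
        print(f"line {lineno}: {kind} db={db} user={user} "
              f"addr={address or 'unix socket'} accepts logins with no password")
```
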

More information about the freebsd-questions mailing list