Date: Fri, 12 Sep 2003 18:28:41 -0500 From: "Andrew L. Gould" <algould@datawok.com> To: Kirk Strauser <kirk@strauser.com> Cc: freebsd-questions@freebsd.org Subject: Re: Trying to secure PostgreSQL Message-ID: <200309121828.41900.algould@datawok.com> In-Reply-To: <87fzj1bqp9.fsf@strauser.com> References: <87r82lbu4y.fsf@strauser.com> <200309121639.14573.algould@datawok.com> <87fzj1bqp9.fsf@strauser.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Friday 12 September 2003 05:13 pm, Kirk Strauser wrote: > At 2003-09-12T21:39:14Z, "Andrew L. Gould" <algould@datawok.com> writes: > > You're looking for something difficult when the easier answer is correct. > > > > As root, set pgsql's password by executing: > > > > passwd pgsql > > What would that buy me? After doing that, I can still access any database > on the system with: > > kirk@kanga:~$ psql -U pgsql template1 > Welcome to psql 7.3.4, the PostgreSQL interactive terminal. > > without being prompted for a password. I don't want users, even local > users, to have full run of the database as the user of their choice. In your situation, I would give pgsql a password, regardless. Then read the documentation that comes in pg_hba.conf and at: http://www.postgresql.org/docs/7.3/static/client-authentication.html#AUTH-PG-HBA-CONF You might be interested in 'ident same' or some other combination of options. Andrew Gould
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200309121828.41900.algould>