| From: | "woger151" <woger151(at)jqpx37(dot)cotse(dot)net> |
|---|---|
| To: | <pgsql-general(at)postgresql(dot)org> |
| Subject: | superuser authentication? |
| Date: | 2007-01-03 14:08:30 |
| Message-ID: | 002801c72f40$ae1f5590$6501a8c0@apollosjf |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
I'm setting up postgresql (8.1) on what I hope to be a very secure server
(SUSE Linux 10.1).
Only authentication allowed by anyone is 'local' (unix-domain sockets).
Most users I plan on authenticating by PASSWORD (web connections are made to
an apache webserver over SSL; the actual postgresql connections are
themselves all local via pg_connect).
What I'm not sure about is how to authenticate the postgresql superuser
(user 'postgres' on my system). I'm considering:
1. Using ident (supposedly secure because of the SO_PEERCRED mechanism; and
I've made a lot of effort to secure the server at the OS level)
2. Using password (_not_ stored on disk in e.g. pgpass)
3. Using reject
My questions:
* Is 3 overly paranoid in the context of a production server?
* Would 2 or 3 hobble some kind of daemons? (A cursory search led me to
think that maybe pg_autovacuum wouldn't work, and I'm not sure if there are
other such daemons.)
* If the choice came down to 1 vs 2, is there much argument for one over the
other in terms of security? (I realize that there might not be a clear
answer to that.)
TIA
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Adrian Klaver | 2007-01-03 14:13:50 | Re: Generic timestamp function for updates where field |
| Previous Message | hubert depesz lubaczewski | 2007-01-03 14:05:24 | "no unpinned buffers available" ? why? (hstore and plperl involved) |