| From: | "woger151" <woger151(at)jqpx37(dot)cotse(dot)net> |
|---|---|
| To: | "Tom Lane" <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
| Cc: | <pgsql-general(at)postgresql(dot)org> |
| Subject: | Re: superuser authentication? |
| Date: | 2007-01-03 23:13:26 |
| Message-ID: | 008301c72f8c$d18b9060$6501a8c0@apollosjf |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
----- Original Message -----
From: "Tom Lane" <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To: "woger151" <woger151(at)jqpx37(dot)cotse(dot)net>
Cc: <pgsql-general(at)postgresql(dot)org>
Sent: Wednesday, January 03, 2007 9:52 AM
Subject: Re: [GENERAL] superuser authentication?
> "woger151" <woger151(at)jqpx37(dot)cotse(dot)net> writes:
>> What I'm not sure about is how to authenticate the postgresql superuser
>> (user 'postgres' on my system). I'm considering:
>
>> 1. Using ident (supposedly secure because of the SO_PEERCRED mechanism;
>> and
>> I've made a lot of effort to secure the server at the OS level)
>> 2. Using password (_not_ stored on disk in e.g. pgpass)
>> 3. Using reject
>
> How are you going to do backups?
Hadn't thought about that yet, though I know that periodic backups are
mandatory.
Easy to switch the authentication method back to something like password or
ident if one is doing things manually anyway, but it _would_ make it hard to
script things.
I'll have to think more about that...
>
> regards, tom lane
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Adrian Klaver | 2007-01-04 00:15:30 | Re: Generic timestamp function for updates where field |
| Previous Message | woger151 | 2007-01-03 23:09:53 | Re: superuser authentication? |