From: | Bruce Momjian <pgman(at)candle(dot)pha(dot)pa(dot)us> |
---|---|
To: | Ian Barwick <barwick(at)akademie(dot)de> |
Cc: | pgsql-hackers(at)postgresql(dot)org |
Subject: | Re: Security note: MS SQL is current worm vector |
Date: | 2001-12-05 20:50:28 |
Message-ID: | 200112052050.fB5KoSQ08405@candle.pha.pa.us |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-hackers |
> On Sunday 25 November 2001 18:13, Tom Lane wrote:
> > Lincoln Yeoh <lyeoh(at)pop(dot)jaring(dot)my> writes:
> > > Yeah, by default Postgresql ships practically without any access
> > > controls.
> >
> (...)
> > I do wonder whether we shouldn't list "think about your access controls"
> > as an explicit step in the installation instructions or server startup
> > instructions. The default configuration is definitely uncool on
> > multiuser machines, but a novice might not find that out till too late.
>
> It might be worth explicitly mentioning the following:
>
> 1) use initdb with the -W option, so that a superuser password
> is set during db initialisation and before the server is started;
I have added documentation for the -W flag. You can see it at:
http://216.55.132.35/main/writings/pgsql/sgml/creating-cluster.html
> 2) before starting the server change the appropriate settings
> in pg_hba.conf from 'trusted' to 'password' (or whatever other
> authentication system is to be used).
Also mentioned.
--
Bruce Momjian | http://candle.pha.pa.us
pgman(at)candle(dot)pha(dot)pa(dot)us | (610) 853-3000
+ If your life is a hard drive, | 830 Blythe Avenue
+ Christ can be your backup. | Drexel Hill, Pennsylvania 19026
From | Date | Subject | |
---|---|---|---|
Next Message | Hannu Krosing | 2001-12-05 21:04:01 | Re: Licensing |
Previous Message | Laszlo Hornyak | 2001-12-05 19:39:28 | Re: [GENERAL] java stored procedures |