| From: | Chris Browne <cbbrowne(at)acm(dot)org> |
|---|---|
| To: | pgsql-general(at)postgresql(dot)org |
| Subject: | Re: Password for postgresql superuser? |
| Date: | 2006-06-08 16:30:57 |
| Message-ID: | 60slmfwqwu.fsf@dba2.int.libertyrms.com |
| Views: | Whole Thread | Raw Message | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
jqpx37(at)iprive(dot)com ("jqpx37") writes:
> Is there any security risk in the postgresql superuser having a
> password?
>
> I installed a Linux distro recently and had it install Postgresql.
> It automatically set up the postgres account; the account was set up
> with no password.
>
> I could of course create a password, but it's not clear to me that's
> a good thing from a security standpoint.
That depends on your security policies.
There's a pretty good argument to be made that a 'postgres' account
should only permit people in via "su -", in which case it might not
need to have an individual password...
--
(format nil "~S(at)~S" "cbbrowne" "cbbrowne.com")
http://www3.sympatico.ca/cbbrowne/oses.html
"If you give someone Fortran, he has Fortran.
If you give someone Lisp, he has any language he pleases."
-- Guy L. Steele Jr.
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Jim C. Nasby | 2006-06-08 16:43:58 | Re: Trigger function to audit any kind of table |
| Previous Message | jqpx37 | 2006-06-08 15:08:32 | Re: Password for postgresql superuser? |