| From: | John R Pierce <pierce(at)hogranch(dot)com> |
|---|---|
| To: | pgsql-general(at)postgresql(dot)org |
| Subject: | Re: Postgres Pain Points: 1 pg_hba conf |
| Date: | 2016-08-16 20:55:17 |
| Message-ID: | 7d916645-33b4-21bf-e131-d711f2af0f72@hogranch.com |
| Views: | Whole Thread | Raw Message | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
On 8/16/2016 1:32 PM, support-tiger wrote:
> local all all trust
so all unix 'domain' connections will allow any process on the system to
authenticate as any SQL user. I nearly always use peer here. my
applications which want to connect as a different db user than their os
user, I specify host=localhost so it uses below instead...
> host all all 127.0.0.1/32 trust
anyone coming in via ipv4 localhost can also authenticate as any SQL
user. I always use md5 here, so apps connecting with host=localhost can
specify a sql user, with a password.
> host all all ::1/128 ident
anyone coming in as ipv6 localhost will require authd/identd protocol to
identify them... ugh, hardly noone runs authd anymore, its considered
bad security practice. its also inconsistent with ipv4 localhost above,
so if you -h localhost, you're not sure what you're getting... I would
always use md5 here.
--
john r pierce, recycling bits in santa cruz
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Andres Freund | 2016-08-16 20:55:18 | Re: [GENERAL] C++ port of Postgres |
| Previous Message | Jim Nasby | 2016-08-16 20:48:00 | Re: [GENERAL] C++ port of Postgres |