Re: confirming security.

Good tip! Thank you.

-----Original Message-----
From: pgsql-general-owner(at)postgresql(dot)org [mailto:pgsql-general-owner(at)postgresql(dot)org] On Behalf Of John R Pierce
Sent: Friday, February 22, 2013 2:35 PM
To: pgsql-general(at)postgresql(dot)org
Subject: Re: [GENERAL] confirming security.

On 2/22/2013 8:13 AM, Maz Mohammadi wrote:
> Ahhh yes....it is now...
>
> ===========
> # TYPE DATABASE USER ADDRESS METHOD
> # "local" is for Unix domain socket connections only
> #local all all trust
> # IPv4 local connections:
> #host all all 127.0.0.1/32 trust
> # IPv6 local connections:
> #host all all ::1/128 trust
> # Allow replication connections from localhost, by a user with the #
> replication privilege.
> #local replication postgres-xc trust
> #host replication postgres-xc 127.0.0.1/32 trust
> #host replication postgres-xc ::1/128 trust
> hostssl all all 127.0.0.1/32 cert

I would leave a local line in front of that like..

local all postgres peer

this will allow the postgres user to log on regardless when using unix sockets rather than tcp/ip (eg, when not specifying any -h hostname).
handy for database administration and fixing problems.

--
john r pierce 37N 122W
somewhere on the middle of the left coast

--
Sent via pgsql-general mailing list (pgsql-general(at)postgresql(dot)org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-general