From: | Tim Cross <theophilusx(at)gmail(dot)com> |
---|---|
To: | Devendra Yadav <devendra(dot)857(at)gmail(dot)com> |
Cc: | John Wiencek <jwiencek3(at)comcast(dot)net>, Shreeyansh Dba <shreeyansh2014(at)gmail(dot)com>, pgsql-admin(at)lists(dot)postgresql(dot)org |
Subject: | Re: Rename or Removing Postgres user |
Date: | 2019-02-14 12:36:58 |
Message-ID: | CAC=50j8dP__7On9NT8uQ1QPjNM+nyVb-buKxTs5mqjOjppgSdQ@mail.gmail.com |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-admin |
On Thu, 14 Feb 2019 at 23:15, Devendra Yadav <devendra(dot)857(at)gmail(dot)com> wrote:
> Dear Shreeyansh,
>
> Thanks a lot for your advice. I did it the same way you mentioned. Please
> share if it has any pull off.
>
>
> Dear John,
>
> One of the main reason behind it is majorly Security. Can you help me with
> the effects of doing so.
>
> Thanks & Regards,
> Devendra
>
Changing the name or disabling postgres is not going to have any
appreciable impact on improving security - in fact, you run the risk of
reducing security and potentially introducing other problems because you
are going to make your environment bespoke and possibly more complex to
work with. Many security weaknesses are the result of simple admin errors
rather than due to 'evit doers' attacking your system. Bottom line is that
all your database administrator accounts need to be hardened and secure
regardless of what name is used. By changing the name, you run the risk
that the account won't be included in audits and other security checks or
administrators will not recognise the level of sensitivity which should be
applied to the account. Far better off to use the standard account, but
make sure it is locked down with multiple layers of security.
--
regards,
Tim
--
Tim Cross
From | Date | Subject | |
---|---|---|---|
Next Message | soumik.bhattacharjee | 2019-02-14 15:45:21 | Table Drop Error |
Previous Message | Laurenz Albe | 2019-02-14 12:30:32 | Re: Rename or Removing Postgres user |