| From: | Arcady Genkin <a(dot)genkin(at)utoronto(dot)ca> |
|---|---|
| To: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
| Cc: | pgsql-general(at)postgresql(dot)org |
| Subject: | Re: Authenticating user `postgres' |
| Date: | 2001-09-27 22:40:46 |
| Message-ID: | r1z3d58fea9.fsf@bashful.cdf.toronto.edu |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> writes:
> Offhand I'd think it foolish to make it easier to get into the
> superuser account than regular accounts anyway.
Not so much if the database only listens on unix domain socket, which
has tight permissions, and a UNIX user has to identify himself with a
valid password anyways.
> One possibility is to run an IDENT daemon and allow ident-authenticated
> connections from 127.0.0.1. Then "pg_dumpall -h localhost" would work
> without a password. Trusting other people's IDENT daemons is widely
> considered a bad idea, but I see no reason not to trust your own.
I don't want to enable TCP connections at all.
Besides, I want other local clients to use passwords.
Thanks for your reply,
--
Arcady Genkin
i=1; while 1, hilb(i); i=i+1; end
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Randal L. Schwartz | 2001-09-27 22:47:15 | Re: Randomize Result Set Order |
| Previous Message | Arcady Genkin | 2001-09-27 22:37:21 | Re: Authenticating user `postgres' |