From: | Arcady Genkin <a(dot)genkin(at)utoronto(dot)ca> |
---|---|
To: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
Cc: | pgsql-general(at)postgresql(dot)org |
Subject: | Re: Authenticating user `postgres' |
Date: | 2001-09-28 20:06:57 |
Message-ID: | r1zlmizuljy.fsf@bashful.cdf.toronto.edu |
Lists: | pgsql-general |

Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> writes:
> Arcady Genkin <a(dot)genkin(at)utoronto(dot)ca> writes:
> > Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> writes:
> >> Offhand I'd think it foolish to make it easier to get into the
> >> superuser account than regular accounts anyway.
>
> > Not so much if the database only listens on unix domain socket, which
> > has tight permissions, and a UNIX user has to identify himself with a
> > valid password anyways.
>
> So? If you can trust local connections from the user who is superuser
> to be correctly authenticated, then you can also trust local connections
> from the users who are non-superusers. I really completely fail to see
> the point of requiring a password to connect to non-critical accounts
> while having no password (*LESS* security) for the critical superuser
> account.
Suppose that one of the non-superuser accounts is user `apache'.
There is a higher chance that this user account is compromised than
the `postgres' account. I can see your point, though.
--
Arcady Genkin