> From: Thom Brown <thombrown@xxxxxxxxx> > Subject: Too easy to log in as the "postgres" user? > To: "PGSQL Mailing List" <pgsql-general@xxxxxxxxxxxxxx> > Date: Thursday, 15 October, 2009, 11:38 AM > I've noticed that if I just log in to > my server, I don't su to root, > or become the postgres user, I can get straight into the > database as > the postgres user merely with "psql -U postgres -h > localhost". My > user account isn't a member of the postgres group. > > It appears I've not applied my security settings > correctly. What can > I do to prevent access this way? I'd still want to be > able to su to > the postgres user and log in that way, but not with the -U > parameter > allowing access. You just need to change the local connections to any authentication method other than trust. http://www.postgresql.org/docs/8.3/interactive/auth-pg-hba-conf.html Glyn -- Sent via pgsql-general mailing list (pgsql-general@xxxxxxxxxxxxxx) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-general
