Search Postgresql Archives

Re: Postgres Pain Points: 1 pg_hba conf

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 08/11/2016 10:04 AM, support-tiger wrote:
We have always been impressed with the Postgres project and team. The
whole hybrid SQL / JSONB functionality rocks.  The scalability rocks.
The speed and stability rock.  At the command line, Postgres rocks.  But
in applications we have had some real, and not improving pain points:

#1) pg_hba conf
Out of the box the md5 setting blocks access. Most "advice" say change
to "all all trust" and indeed that works.  But that seems a big security
issue.  Specifying a postgres role, password, and peer does not seem to
work.  And this approach is problematic if there are many roles or even
dynamically created roles.

Well pg_hba.conf is a combination of auth methods and client connection source, so you will need to be more specific about the issues you are having. Also remember first match wins, therefore if you have a restrictive match above more permissive matches it will hide them.


Or is pb_hba conf set up for web sockets and we should be using sockets?

For general use, it seems we should not have to modify this file - it
should "just work" with good security.



--
Adrian Klaver
adrian.klaver@xxxxxxxxxxx


--
Sent via pgsql-general mailing list (pgsql-general@xxxxxxxxxxxxxx)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-general



[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Postgresql Jobs]     [Postgresql Admin]     [Postgresql Performance]     [Linux Clusters]     [PHP Home]     [PHP on Windows]     [Kernel Newbies]     [PHP Classes]     [PHP Books]     [PHP Databases]     [Postgresql & PHP]     [Yosemite]
  Powered by Linux