On 08/11/2016 10:04 AM, support-tiger wrote:
We have always been impressed with the Postgres project and team. The whole hybrid SQL / JSONB functionality rocks. The scalability rocks. The speed and stability rock. At the command line, Postgres rocks. But in applications we have had some real, and not improving pain points: #1) pg_hba conf Out of the box the md5 setting blocks access. Most "advice" say change to "all all trust" and indeed that works. But that seems a big security issue. Specifying a postgres role, password, and peer does not seem to work. And this approach is problematic if there are many roles or even dynamically created roles.
Well pg_hba.conf is a combination of auth methods and client connection source, so you will need to be more specific about the issues you are having. Also remember first match wins, therefore if you have a restrictive match above more permissive matches it will hide them.
Or is pb_hba conf set up for web sockets and we should be using sockets? For general use, it seems we should not have to modify this file - it should "just work" with good security.
-- Adrian Klaver adrian.klaver@xxxxxxxxxxx -- Sent via pgsql-general mailing list (pgsql-general@xxxxxxxxxxxxxx) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-general
