
Re: Postgres Pain Points: 1 pg_hba conf


On Thu, Aug 11, 2016 at 11:04:37AM -0600, support-tiger wrote:

> #1) pg_hba conf
> Out of the box the md5 setting blocks access. Most "advice" say change to
> "all all trust" and indeed that works.  But that seems a big security issue.
> Specifying a postgres role, password, and peer does not seem to work.  And
> this approach is problematic if there are many roles or even dynamically
> created roles.
> 
> Or is pg_hba conf set up for web sockets and we should be using sockets?
> 
> For general use, it seems we should not have to modify this file - it should
> "just work" with good security.

While I agree this sounds desirable I don't think it is
possible (depending on the definition of "possible").

Would you like to offer a suggestion as to what pg_hba.conf
should be configured as by default ? (Note that I am not
soliciting a suggestion on behalf of the PostgreSQL team.)

Methinks "deny-by-default" is Good Practice security-wise ?

Regards,
Karsten
-- 
GPG key ID E4071346 @ eu.pool.sks-keyservers.net
E167 67FD A291 2BEA 73BD  4537 78B9 A9F9 E407 1346
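
Added example (not part of the original message, and not PostgreSQL's own code): a small Python check that reads pg_hba.conf text and flags every record using the `trust` method discussed in the quoted post. The sample file, the function names and the severity labels are assumptions made for illustration.

```python
import ipaddress

HOST_TYPES = {"host", "hostssl", "hostnossl", "hostgssenc", "hostnogssenc"}
WIDE_OPEN = {"all", "0.0.0.0/0", "::/0", "0.0.0.0 0.0.0.0"}

# Constructed sample for illustration, not taken from a real server.
SAMPLE = """\
# TYPE  DATABASE  USER      ADDRESS                    METHOD
local   all       postgres                             peer
local   all       all                                  trust
host    all       all       0.0.0.0/0                  trust
host    all       all       127.0.0.1 255.255.255.255  md5
host    appdb     app       10.0.0.0/8                 md5
"""

def _is_ip(s):
    try:
        ipaddress.ip_address(s)
        return True
    except ValueError:
        return False

def parse(text):
    """Yield (lineno, type, database, user, address, method) per record.
    Simplified: quoted fields and include directives are not handled."""
    for n, raw in enumerate(text.splitlines(), 1):
        f = raw.split("#", 1)[0].split()
        if not f:
            continue
        if f[0] == "local" and len(f) >= 4:
            yield n, f[0], f[1], f[2], None, f[3]
        elif f[0] in HOST_TYPES and len(f) >= 5:
            # ADDRESS is one field (CIDR, hostname, keyword) or IP plus netmask.
            if len(f) >= 6 and _is_ip(f[3]) and _is_ip(f[4]):
                yield n, f[0], f[1], f[2], f"{f[3]} {f[4]}", f[5]
            else:
                yield n, f[0], f[1], f[2], f[3], f[4]

def audit(text):
    """Return (lineno, severity, record) for each record that uses trust."""
    findings = []
    for n, typ, db, user, addr, method in parse(text):
        if method == "trust":
            sev = "critical" if addr in WIDE_OPEN else "high"
            findings.append((n, sev, f"{typ} {db} {user} {addr or '(socket)'}"))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

PostgreSQL uses the first record that matches a connection and rejects the connection when no record matches, so a file with no `trust` lines is already deny-by-default for anything not listed.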

