On Thu, Aug 11, 2016 at 11:04:37AM -0600, support-tiger wrote:

> #1) pg_hba conf
> Out of the box the md5 setting blocks access. Most "advice" say change to
> "all all trust" and indeed that works. But that seems a big security issue.
> Specifying a postgres role, password, and peer does not seem to work. And
> this approach is problematic if there are many roles or even dynamically
> created roles.
>
> Or is pg_hba conf set up for web sockets and we should be using sockets?
>
> For general use, it seems we should not have to modify this file - it should
> "just work" with good security.

While I agree this sounds desirable I don't think it is possible
(depending on the definition of "possible"). Would you like to offer a
suggestion as to what pg_hba.conf should be configured as by default?
(Note that I am not soliciting a suggestion on behalf of the PostgreSQL team.)

Methinks "deny-by-default" is Good Practice security-wise?

Regards,
Karsten
--
GPG key ID E4071346 @ eu.pool.sks-keyservers.net
E167 67FD A291 2BEA 73BD 4537 78B9 A9F9 E407 1346
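
An added example, not part of the original messages: a small Python check that lists the `trust` records in a pg_hba.conf, the setting the quoted message is worried about. The sample file is constructed, and the parser assumes only `local`, `host`, `hostssl` and `hostnossl` records (no include directives).

```python
import ipaddress
import shlex

# Constructed sample pg_hba.conf, not taken from the thread.
SAMPLE = """\
# TYPE  DATABASE  USER      ADDRESS             METHOD
local   all       postgres                      peer
local   all       all                           trust
host    all       all       127.0.0.1/32        md5
host    all       all       0.0.0.0/0           trust   # "just make it work"
host    app       app_rw    10.0.0.0 255.0.0.0  md5
"""

def _is_ip(token):
    try:
        ipaddress.ip_address(token)
        return True
    except ValueError:
        return False

def parse_hba(text):
    """Yield (lineno, type, database, user, address, method) for each record."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        f = shlex.split(raw, comments=True)  # handles quoting and '#' comments
        if not f:
            continue
        if f[0] == "local" and len(f) >= 4:
            yield lineno, f[0], f[1], f[2], None, f[3]
        elif f[0] in ("host", "hostssl", "hostnossl") and len(f) >= 5:
            addr, rest = f[3], f[4:]
            # The "IP-address IP-mask" form spreads the address over two columns.
            if "/" not in addr and len(rest) >= 2 and _is_ip(rest[0]):
                addr, rest = f"{addr} {rest[0]}", rest[1:]
            yield lineno, f[0], f[1], f[2], addr, rest[0]
        else:
            raise ValueError(f"line {lineno}: unrecognised record: {raw!r}")

def audit(text):
    """Return (lineno, description) for every record that uses 'trust'."""
    findings = []
    for lineno, ctype, db, user, addr, method in parse_hba(text):
        if method == "trust":
            scope = "any local Unix-socket user" if addr is None else f"clients at {addr}"
            findings.append((lineno, f"{ctype} {db}/{user}: no authentication for {scope}"))
    return findings

if __name__ == "__main__":
    for lineno, msg in audit(SAMPLE):
        print(f"pg_hba.conf:{lineno}: {msg}")
```
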