-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi all,
I'm putting together a system to monitor multiple postgresql
installations and to gain full access to all remote statistics I'd like
to connect as the super user.
To do that I'd add a single IP entry in pg_hba.conf for the monitoring
machine and give the superuser a password.
The things I know I want to keep in mind:
o Ensure I only allow user pgsql access from that one IP
o Ensure I'm not passing the password or hash in cleartext over the
general internet
o (Alternatively, use SSL for all superuser connections)
o Keep local 'trust' access for 'all' so I can continue to use tools
like pg_dump locally without passwords
Is there any other gotchas to this? Is it a bad idea for some other reason?
Generally speaking I can trust local users, if I run into a situation
where I can't I'd deal with that differently.
Thanks.
- Justin
- --
Justin Hawkins Email: justin@xxxxxxxxxxxxxxxx (W)
Systems Programmer/DBA Email: justin@xxxxxxxxxxxxx (H)
Internode Systems Pty Ltd Phone: +61-8-82282999
"Sometimes I can hardly see the mirrors for the smoke"
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)
iD8DBQFCXzv0h8++ylYTZ1sRAsn2AKC23eW2Rkl73NJ0fz5cvwBXW8kDMgCgpSgm
vbiq9r5ZcakX0PxWryaRxRg=
=sguV
-----END PGP SIGNATURE-----
---------------------------(end of broadcast)---------------------------
TIP 2: you can get off all lists at once with the unregister command
(send "unregister YourEmailAddressHere" to majordomo@xxxxxxxxxxxxxx)
