Search Postgresql Archives

superuser authentication?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



I'm setting up postgresql (8.1) on what I hope to be a very secure server (SUSE Linux 10.1).

Only authentication allowed by anyone is 'local' (unix-domain sockets).

Most users I plan on authenticating by PASSWORD (web connections are made to an apache webserver over SSL; the actual postgresql connections are themselves all local via pg_connect).

What I'm not sure about is how to authenticate the postgresql superuser (user 'postgres' on my system). I'm considering:

1. Using ident (supposedly secure because of the SO_PEERCRED mechanism; and I've made a lot of effort to secure the server at the OS level)
2.  Using password (_not_ stored on disk in e.g. pgpass)
3.  Using reject

My questions:
* Is 3 overly paranoid in the context of a production server?
* Would 2 or 3 hobble some kind of daemons? (A cursory search led me to think that maybe pg_autovacuum wouldn't work, and I'm not sure if there are other such daemons.) * If the choice came down to 1 vs 2, is there much argument for one over the other in terms of security? (I realize that there might not be a clear answer to that.)

TIA


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Postgresql Jobs]     [Postgresql Admin]     [Postgresql Performance]     [Linux Clusters]     [PHP Home]     [PHP on Windows]     [Kernel Newbies]     [PHP Classes]     [PHP Books]     [PHP Databases]     [Postgresql & PHP]     [Yosemite]
  Powered by Linux