----- Original Message -----
From: "Tom Lane" <tgl@xxxxxxxxxxxxx>
To: "woger151" <woger151@xxxxxxxxxxxxxxxx>
Cc: <pgsql-general@xxxxxxxxxxxxxx>
Sent: Wednesday, January 03, 2007 9:52 AM
Subject: Re: [GENERAL] superuser authentication?
"woger151" <woger151@xxxxxxxxxxxxxxxx> writes:
What I'm not sure about is how to authenticate the postgresql superuser
(user 'postgres' on my system). I'm considering:
1. Using ident (supposedly secure because of the SO_PEERCRED mechanism;
and
I've made a lot of effort to secure the server at the OS level)
2. Using password (_not_ stored on disk in e.g. pgpass)
3. Using reject
How are you going to do backups?
Hadn't thought about that yet, though I know that periodic backups are
mandatory.
Easy to switch the authentication method back to something like password or
ident if one is doing things manually anyway, but it _would_ make it hard to
script things.
I'll have to think more about that...
regards, tom lane
