On Friday 12 September 2003 03:59 pm, Kirk Strauser wrote:
> I'm running PostgreSQL 7.3 on a FreeBSD 5.1 server.  The databases are
> working well and it's humming along nicely, but I really want to secure it.
>
> In particular, my pg_hba.conf looks like:
>
>     local   all   all   pgsql                                trust
>     host    all   all   127.0.0.1    255.255.255.255   md5
>     host    all   all   10.0.5.16    255.255.255.255   md5
>
> This isn't very good.  Any user connecting to the machine via the network
> is authenticated as expected, but local connections slide in without
> protection.  The biggest problem with this comes with running phpPgAdmin.
> Since it runs under Apache on the same server, it uses a local connection
> to the database.  That means that Joe User can type
>
>     Username: pgsql
>     Password: <blank>
>
> and have full read/write access to all of my databases.
>
> This is not good.
>
> The alternative seems to be re-writing the first line of pg_hba.conf as
>
>     local   all   all   md5
>
> That works decently, *except* that I have to enter the password for `pgsql'
> before the database startup.
>
> I've Googled for the answer, but there seems to be a tremendous amount of
> chaff with the wheat.  I know other admins have dealt with this; how did
> you handle it?  Is there an important document I'm missing somewhere?

You're looking for something difficult when the easier answer is correct.
As root, set pgsql's password by executing:

    passwd pgsql

Best of luck,

Andrew Gould
_______________________________________________
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
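
An added example, not part of either message: a small Python check that parses pg_hba.conf rules in the layout quoted in the thread and reports every rule whose method is `trust`. The function names and the sample text are constructed here, and the parser assumes unquoted fields and numeric addresses.

```python
import ipaddress

# Constructed sample: the three rules quoted in the thread (PostgreSQL 7.3 layout).
SAMPLE = """\
# TYPE  DATABASE  USER   IP-ADDRESS  IP-MASK          METHOD
local   all       pgsql                               trust
host    all       all    127.0.0.1   255.255.255.255  md5
host    all       all    10.0.5.16   255.255.255.255  md5
"""

def parse_hba(text):
    """Yield (lineno, type, database, user, network or None, method) per rule.

    Assumes unquoted fields and numeric addresses (hypothetical helper)."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        f = raw.split("#", 1)[0].split()
        if not f:
            continue  # blank line or comment
        if f[0] == "local" and len(f) >= 4:
            yield lineno, f[0], f[1], f[2], None, f[3]
        elif f[0].startswith("host") and len(f) >= 6 and "/" not in f[3]:
            # address and netmask given as two separate fields
            net = ipaddress.ip_network(f"{f[3]}/{f[4]}", strict=False)
            yield lineno, f[0], f[1], f[2], net, f[5]
        elif f[0].startswith("host") and len(f) >= 5 and "/" in f[3]:
            # address/prefix-length given as one field
            net = ipaddress.ip_network(f[3], strict=False)
            yield lineno, f[0], f[1], f[2], net, f[4]
        else:
            raise ValueError(f"line {lineno}: unrecognised rule: {raw!r}")

def audit(text):
    """Return (lineno, message) for each rule that admits clients unauthenticated."""
    findings = []
    for lineno, _conn, db, user, net, method in parse_hba(text):
        if method != "trust":
            continue
        scope = "any local Unix-socket client" if net is None else f"any client in {net}"
        findings.append((lineno, f"{scope} can connect as {user} to {db} without a password"))
    return findings

if __name__ == "__main__":
    for lineno, message in audit(SAMPLE):
        print(f"pg_hba.conf line {lineno}: {message}")
```

Run against the sample, it reports only the `local ... trust` rule; the two `md5` host rules and the `local all all md5` alternative from the question produce no findings.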