The default security setup in PG is to allow all connections from localhost, w/o password. This should be changed. You'll find this in your $PGDATA directory, in the file pg_hba.conf.
- J. Joel BURTON | [EMAIL PROTECTED] | joelburton.com | aim: wjoelburton Knowledge Management & Technology Consultant > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED]]On Behalf Of shreedhar > Sent: Monday, May 20, 2002 5:33 AM > To: PostgreSQL > Subject: [ADMIN] Problem in User Securities > > > Hello All, > > I am new to Postgres, While I was checking 'User Securities' in postgres I > got the following problem. > > I created a user using 'createuser' command and gave superuser > permissions. > > but while accessing database, even if we have not given '-W' password > option it is entering into database. So who knows Unix administrator > password can enter into any database if they know corresponding login name > and they work with the same permissions.. > > And also i observed that even we can enter into template1 with out giving > any username or password. > > I doubt there will be a way to restrict this. > > Can any body help me regarding this. > > Thanks alot, > > With best Regards > bhaskararaju > > > > ---------------------------(end of broadcast)--------------------------- > TIP 1: subscribe and unsubscribe commands go to [EMAIL PROTECTED] > ---------------------------(end of broadcast)--------------------------- TIP 4: Don't 'kill -9' the postmaster
