The following documentation comment has been logged on the website:

Page: https://www.postgresql.org/docs/8.3/static/auth-pg-hba-conf.html
Description:

My pg_hba.conf file gives 'cert' as an authentication method. This is not mentioned on this page. I think a basic pg_hba.conf to allow remote access, require SSL, and to prevent access to the postgres table would be a useful addition. The more I see about this powerful environment, the more nervous I get about exploits based on aspects of its multitude of features of which I am completely unaware - what about PUBLIC, for example? A basic security guide to disable dangerous defaults would be very welcome.