#3
10th January 2013
ershiba
Join Date: Dec 2012
Posts: 34

I changed /var/postgresql/data/pg_hba.conf.
Previously (default pg_hba.conf auth-method):
Code:
local   all             all                                     trust
host    all             all             127.0.0.1/32            trust
host    all             all             192.168.56.0/24         md5
I changed it to the below:
Code:
local   all             all                                     md5
host    all             all             127.0.0.1/32            md5
host    all             all             192.168.56.0/24         md5
I changed all the trust entries to md5,
and now it seems psql will automatically prompt for a password.
There are a few things that I don't get:

1. To be secure out of the box (OpenBSD concept), shouldn't there be no trust in pg_hba.conf?

2. Should there be (I suggest) a script that, after initdb, prompts the user to change the _postgresql database user password (something like /usr/local/bin/mysql_secure_installation)?

3. I assume that when using PuTTY from 192.168.56.X to connect to OpenBSD and run psql, psql connects to the database using a BSD socket, so the "trust" is used there. If that is the case, it means any user who is able to guess a PostgreSQL database username would be able to connect to pgdb.
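Added example, not part of the original post or of the PostgreSQL package: a small audit that lists every `pg_hba.conf` rule still using `trust`, the method that admits a matching connection without a password. The function names and the embedded sample (the default rules quoted in the post) are constructed for illustration.

```python
import ipaddress

# Constructed sample: the default rules quoted in the post above.
SAMPLE = """\
local   all             all                                     trust
host    all             all             127.0.0.1/32            trust
host    all             all             192.168.56.0/24         md5
"""

HOST_TYPES = {"host", "hostssl", "hostnossl"}

def _is_ip(token):
    """True if token is a bare IPv4/IPv6 address (also matches a netmask)."""
    try:
        ipaddress.ip_address(token)
        return True
    except ValueError:
        return False

def parse_hba(text):
    """Yield (lineno, type, database, user, address, method) for each rule."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        # Simplification: quoted fields containing '#' or spaces are not handled.
        fields = raw.split("#", 1)[0].split()
        if not fields:
            continue
        conn_type = fields[0]
        if conn_type == "local" and len(fields) >= 4:
            # "local" rules (Unix socket) have no address column.
            yield lineno, conn_type, fields[1], fields[2], None, fields[3]
        elif conn_type in HOST_TYPES and len(fields) >= 5:
            # Either "addr/len method" or the "addr netmask method" layout.
            if len(fields) >= 6 and _is_ip(fields[3]) and _is_ip(fields[4]):
                address, method = f"{fields[3]}/{fields[4]}", fields[5]
            else:
                address, method = fields[3], fields[4]
            yield lineno, conn_type, fields[1], fields[2], address, method

def find_trust(text):
    """Return (lineno, scope, database, user) for every passwordless rule."""
    return [(n, "unix socket" if t == "local" else addr, db, user)
            for n, t, db, user, addr, method in parse_hba(text)
            if method == "trust"]

if __name__ == "__main__":
    for lineno, scope, db, user in find_trust(SAMPLE):
        print(f"line {lineno}: trust for db={db} user={user} via {scope}")
```

To check a live configuration, pass the contents of `/var/postgresql/data/pg_hba.conf` to `find_trust()`; an empty result means no rule allows passwordless access.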