jggimi, 10th January 2013

Quote:
3. I assume that while using PuTTY from 192.168.56.X to connect to OpenBSD and run psql, psql connects to the database using a BSD socket, so the "trust" is there. If that is the case, it means any user who is able to guess a PostgreSQL database username would be able to connect to pgdb.

You are correct. "Trust" means that you trust all users.

It is up to you, the administrator, to ensure you have configured your applications and database systems with appropriate security. For example, in my PostgreSQL environment:
  • Only the "md5" authentication method is used for all connections in pg_hba.conf. "Trust" is never used.
  • The only SQL connections permitted are from the application servers and a local Unix socket for administration.
  • The socket file is chmod 044, chown dba:_postgresql, and the dba group contains only _postgresql and my userid.
  • The permitted network connections are restricted by both pg_hba.conf and by PF configuration.
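
An added example (not part of jggimi's post or configuration): a Python check that reads pg_hba.conf text and reports every rule that breaks the policy listed above, meaning any method other than md5 and any network rule not limited to the application servers. The sample file, the 192.0.2.x addresses and the function names are constructed for illustration.

```python
import ipaddress
import shlex

# Constructed sample file; the addresses are documentation ranges, not from the post.
SAMPLE_HBA = """\
# TYPE  DATABASE  USER  ADDRESS                      METHOD
local   all       all                                trust
local   all       all                                md5
host    appdb     app   192.0.2.10/32                md5
host    all       all   0.0.0.0/0                    md5
host    appdb     app   192.0.2.11  255.255.255.255  trust
"""

def split_rule(tok):
    """Return (address or None, method) for one tokenised pg_hba.conf rule."""
    if tok[0] == "local":              # local: TYPE DATABASE USER METHOD
        return None, tok[3]
    addr, method = tok[3], tok[4]      # host*: TYPE DATABASE USER ADDRESS METHOD
    try:
        ipaddress.ip_address(method)   # fifth field is a netmask, method follows it
        addr, method = f"{addr}/{method}", tok[5]
    except ValueError:
        pass
    return addr, method

def in_allowed(addr, allowed):
    try:
        net = ipaddress.ip_network(addr, strict=False)
    except ValueError:                 # "all", "samenet", host names
        return False
    return any(net.version == a.version and net.subnet_of(a) for a in allowed)

def audit_hba(text, app_servers=("192.0.2.10/32",), methods=("md5",)):
    """Return (line_no, problem) pairs; defaults follow the md5-only policy above."""
    allowed, findings = [ipaddress.ip_network(n) for n in app_servers], []
    for no, line in enumerate(text.splitlines(), 1):
        tok = shlex.split(line, comments=True)   # drops '#' comments
        if not tok:
            continue
        try:
            addr, method = split_rule(tok)
        except IndexError:
            findings.append((no, "malformed rule"))
            continue
        if method not in methods:
            findings.append((no, f"method '{method}' is not permitted"))
        if addr is not None and not in_allowed(addr, allowed):
            findings.append((no, f"address '{addr}' is not an application server"))
    return findings
```

Calling `audit_hba(SAMPLE_HBA)` reports lines 2, 5 and 6 of the sample. On PostgreSQL 10 and later, pass `methods=("scram-sha-256",)` to enforce the newer password method instead.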