I changed /var/postgresql/data/pg_hba.conf.
Previously (default pg_hba.conf auth-method):
Code:
local all all trust
host all all 127.0.0.1/32 trust
host all all 192.168.56.0/24 md5
I changed it to the below:
Code:
local all all md5
host all all 127.0.0.1/32 md5
host all all 192.168.56.0/24 md5
I changed all the trust entries to md5; now psql seems to prompt for a password automatically. There are a few things that I don't get:
1. To be secure out of the box (OpenBSD concept), shouldn't there be no trust in pg_hba.conf?
2. Should there be (I suggest) a script that, after initdb, prompts the user to change the _postgresql database user password? (Something like /usr/local/bin/mysql_secure_installation.)
3. I assume that while using PuTTY from 192.168.56.X to connect to OpenBSD and run psql, psql connects to the database using a BSD socket, so the "trust" there applies; if that is the case, it means any user who is able to guess a postgresql database username would be able to connect to pgdb.
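As an added example (not part of the post above), here is a small audit script that parses a pg_hba.conf and flags every rule whose auth-method is trust (or another weak method), so the question in point 1 can be checked mechanically after initdb. It assumes the CIDR address form shown in the post (no separate netmask column) and treats md5 as a low-severity note because scram-sha-256 is the stronger password method on current PostgreSQL releases.

```python
"""Audit pg_hba.conf rules for weak auth-methods (added example, not from the post)."""

# Auth-methods worth a finding; "trust" is the one the post asks about.
WEAK_METHODS = {
    "trust": "no authentication: any client reaching this socket/address connects as any listed user",
    "password": "password sent in cleartext on the wire",
    "md5": "consider scram-sha-256 where server and clients support it",
}

def parse_pg_hba(text):
    """Return (type, database, user, address, method) per rule; comments and blank lines skipped.
    Assumes CIDR addresses (e.g. 192.168.56.0/24), not a separate netmask column."""
    rules = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop trailing comments
        if not line:
            continue
        fields = line.split()
        kind = fields[0]
        if kind == "local":  # unix-socket rule: no address column
            if len(fields) < 4:
                continue
            db, user, address, method = fields[1], fields[2], None, fields[3]
        else:  # host / hostssl / hostnossl: address column before the method
            if len(fields) < 5:
                continue
            db, user, address, method = fields[1], fields[2], fields[3], fields[4]
        rules.append((kind, db, user, address, method))
    return rules

def audit_pg_hba(text):
    """Return (severity, rule, note) for every rule using a method listed in WEAK_METHODS."""
    findings = []
    for rule in parse_pg_hba(text):
        method = rule[4]
        if method in WEAK_METHODS:
            severity = "HIGH" if method in ("trust", "password") else "LOW"
            findings.append((severity, rule, WEAK_METHODS[method]))
    return findings

# Constructed sample inputs: the "before" and "after" configs quoted in the post.
BEFORE = "local all all trust\nhost all all 127.0.0.1/32 trust\nhost all all 192.168.56.0/24 md5\n"
AFTER = "local all all md5\nhost all all 127.0.0.1/32 md5\nhost all all 192.168.56.0/24 md5\n"

if __name__ == "__main__":
    for severity, rule, note in audit_pg_hba(BEFORE):
        print(severity, rule, "->", note)
```

Run it against the live file with `audit_pg_hba(open("/var/postgresql/data/pg_hba.conf").read())`; any HIGH finding on a `local` rule is the unix-socket exposure described in point 3.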