The postgresql.conf and pg_hba.conf files are deployed as delivered by the PostgreSQL Global Development Group. They state (in their FAQ), "By default, new clusters are created with the 'trust' scheme, where any local user is allowed to connect to the database." It is my assumption that they do this for ease of deployment.
Some packagers of PostgreSQL change this default. The OpenBSD port does not. Instead, the port's $MAINTAINER includes a README-server file that includes some discussion of security, authentication, and encryption among other advice.
You may, if you wish, contact the port $MAINTAINER to discuss altering the defaults. Or you may contact the PostgreSQL Global Development Group and recommend changing their default distribution.
In my case, I would review and revise access and authentication controls to meet my needs in any case, and not assume defaults meet my security requirements.
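The review the post recommends starts with reading pg_hba.conf and finding every rule that still uses the 'trust' method. The following audit script is an added example, not part of the post and not something shipped by the OpenBSD port or the PostgreSQL project. It parses the pg_hba.conf rule syntax (local/host rule types, CIDR or separate-netmask addresses, trailing options), lists the rules that authenticate nobody, and carries two constructed sample files: one laid out like the stock 'trust' default, and one revised to use peer and scram-sha-256 instead. The file contents, names and the KNOWN_METHODS list are the example's own assumptions taken from the PostgreSQL documentation, not from the post.

```python
"""Find 'trust' rules in a pg_hba.conf (added example, not from the list post)."""
from dataclasses import dataclass
from typing import List, Optional

# Authentication methods accepted in pg_hba.conf (per the PostgreSQL docs).
# The parser uses this set to tell a method from a separate netmask field.
KNOWN_METHODS = {
    "trust", "reject", "scram-sha-256", "md5", "password", "gss", "sspi",
    "ident", "peer", "ldap", "radius", "cert", "pam", "bsd",
}

# Constructed sample resembling the stock layout the post describes:
# every local and loopback connection is accepted without a credential.
STOCK_DEFAULT = """\
# TYPE  DATABASE        USER            ADDRESS                 METHOD
local   all             all                                     trust
host    all             all             127.0.0.1/32            trust
host    all             all             ::1/128                 trust
"""

# Constructed revised file: OS identity for sockets, passwords over TCP,
# and an explicit final reject so nothing falls through.
HARDENED = """\
# TYPE  DATABASE        USER            ADDRESS                 METHOD
local   all             all                                     peer
host    all             all             127.0.0.1/32            scram-sha-256
host    all             all             ::1/128                 scram-sha-256
host    all             all             0.0.0.0/0               reject
"""


@dataclass
class HbaRule:
    lineno: int
    conn_type: str
    database: str
    user: str
    address: Optional[str]   # None for 'local' (Unix-socket) rules
    method: str


def parse_pg_hba(text: str) -> List[HbaRule]:
    """Parse pg_hba.conf rules; comments and blank lines are skipped."""
    rules: List[HbaRule] = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        conn_type = fields[0]
        if conn_type == "local":
            # local DATABASE USER METHOD [OPTIONS]
            if len(fields) < 4:
                raise ValueError(f"line {lineno}: malformed local rule")
            database, user, method = fields[1], fields[2], fields[3]
            address: Optional[str] = None
        else:
            # host-style: TYPE DATABASE USER ADDRESS [NETMASK] METHOD [OPTIONS]
            if len(fields) < 5:
                raise ValueError(f"line {lineno}: malformed {conn_type} rule")
            database, user, address = fields[1], fields[2], fields[3]
            rest = fields[4:]
            if rest[0] not in KNOWN_METHODS and len(rest) > 1:
                # Separate-netmask form, e.g. "10.0.0.0 255.0.0.0 md5".
                address = f"{address} {rest[0]}"
                rest = rest[1:]
            method = rest[0]
        if method not in KNOWN_METHODS:
            raise ValueError(f"line {lineno}: unknown auth method {method!r}")
        rules.append(HbaRule(lineno, conn_type, database, user, address, method))
    return rules


def trust_rules(text: str) -> List[HbaRule]:
    """Return only the rules that let any matching client in unauthenticated."""
    return [r for r in parse_pg_hba(text) if r.method == "trust"]


def report(text: str) -> List[str]:
    """One finding line per 'trust' rule; empty list means none were found."""
    return [
        f"line {r.lineno}: {r.conn_type} {r.database} {r.user}"
        f"{' ' + r.address if r.address else ''} uses trust"
        for r in trust_rules(text)
    ]


if __name__ == "__main__":
    for label, cfg in (("stock default", STOCK_DEFAULT), ("hardened", HARDENED)):
        findings = report(cfg)
        print(f"{label}: {len(findings)} trust rule(s)")
        for f in findings:
            print("  " + f)
```

Run it against a real file with `report(open("/var/postgresql/data/pg_hba.conf").read())` (path is whatever your installation uses). A finding is not automatically a fault, since a deliberately 'trust'-only socket on a single-user box may be acceptable, but each one should be a decision you made rather than a default you inherited; after editing, the server needs a reload for the change to take effect.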