Re: Local Host Security? All users should have passwords optionally...
Peter Eisentraut <peter_e@gmx.net>
From: Peter Eisentraut <peter_e@gmx.net>
To: <ivan.baldo@pilasnet.com>, <pgsql-bugs@postgresql.org>
Date: 2001-03-27T15:56:00Z
Lists: pgsql-bugs
> Iván Baldo (ivan.baldo@pilasnet.com) reports a bug with a severity of 2 > I wanted to add passwords to all the users on the database, including > the postgres user, etc. Then everything is authenticated using "crypt" > method, so it asks passwords EVERYTIME. The problem I found is that I > cannot do a "pg_dumpall" anymore, since I have no way to tell it to > use the "postgres" user with a given password. This is a known problem. You could try to patch pg_dumpall to pass the -u option every time it calls pg_dump and psql. > It tries to use the > user "root" without password and it fails miserably! What happens if a > hacker (or worst, a cracker!) enters to the machine somehow and I > don't ask passwords for unix domain sockets? Try changing the permissions on the socket file (chmod). -- Peter Eisentraut peter_e@gmx.net http://yi.org/peter-e/