Re: Authenticating user `postgres'
Arcady Genkin <a.genkin@utoronto.ca>
From: Arcady Genkin <a.genkin@utoronto.ca>
To: Tom Lane <tgl@sss.pgh.pa.us>
Cc: pgsql-general@postgresql.org
Date: 2001-09-28T20:06:57Z
Lists: pgsql-general
Tom Lane <tgl@sss.pgh.pa.us> writes: > Arcady Genkin <a.genkin@utoronto.ca> writes: > > Tom Lane <tgl@sss.pgh.pa.us> writes: > >> Offhand I'd think it foolish to make it easier to get into the > >> superuser account than regular accounts anyway. > > > Not so much if the database only listens on unix domain socket, which > > has tight permissions, and a UNIX user has to identify himself with a > > valid password anyways. > > So? If you can trust local connections from the user who is superuser > to be correctly authenticated, then you can also trust local connections > from the users who are non-superusers. I really completely fail to see > the point of requiring a password to connect to non-critical accounts > while having no password (*LESS* security) for the critical superuser > account. Suppose that one of the non-superusers accounts is user `apache'. There is a higher chance that this user account is compromised, than the `postgres' account. I can see your point, though. -- Arcady Genkin