Sameer H. Ibra

Reputation: 1826

PostgreSQL authentication method issue

I wonder why Postgres allows the trust authentication method, as it allows any role to connect without providing a password!!

If any role changes pg_hba.conf to trust, then the server will be insecure and open to any role with any password.

I would like to prevent any connection to the server without providing the right password, so how can we prevent this? Are there any best practices to follow in order to secure a Postgres server?

Upvotes: 0

Views: 177

Answers (2)

harmic

Reputation: 30597

As described in the manual, the PostgreSQL daemon should be run as a separate user account which is not used for other purposes. The data directory and all the files in it should be owned by this user, and permissions set so that only this user has access to it.

The initdb command which is used to initialise the database cluster will set it up like this.

If set up correctly, only the postgres user, or root, can edit pg_hba.conf.

The basic assumption behind the trust method is that the user is pre-authenticated by the environment, for example when the database is not configured to listen on any external interface and you are sure only authorised users can log in to the server.

Section 19.3.1 describes in more detail the circumstances under which you might want to use the 'trust' method.

Upvotes: 2
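A concrete check for the two points in this answer (pg_hba.conf owned by the postgres user with no group/other write access, and no `trust` entries reachable from outside the pre-authenticated environment), as an added example that is not part of the original answer. It assumes POSIX sh with awk and stat (GNU or BSD); the pg_hba.conf content below is constructed.

```shell
#!/bin/sh
# Added example, not from the thread: audit a pg_hba.conf for 'trust' entries
# and for file permissions that would let other local users edit it.
# Assumes POSIX sh plus awk and stat (GNU or BSD); the sample config is constructed.

# Print every active pg_hba.conf line whose auth method is 'trust'.
# Layouts: "local DB USER METHOD [opts]" and
#          "host DB USER ADDR[/CIDR] [NETMASK] METHOD [opts]".
# Exit status: 0 when no trust entries were found, 1 when at least one was.
find_trust_entries() {
    awk '
        /^[[:space:]]*#/ || /^[[:space:]]*$/ { next }   # skip comments and blanks
        {
            if ($1 == "local")                      method = $4
            else if ($5 ~ /^[0-9.]+$/ && NF >= 6)   method = $6   # separate netmask form
            else                                    method = $5
            if (method == "trust") { print FILENAME ":" NR ": " $0; found = 1 }
        }
        END { exit found ? 1 : 0 }
    ' "$1"
}

# Exit 0 when FILE is owned by OWNER (default postgres) and carries no group or
# other write bit; exit 1 otherwise. This is the ownership model the answer describes.
check_hba_permissions() {
    file=$1
    owner_expected=${2:-postgres}
    owner=$(stat -c '%U' "$file" 2>/dev/null || stat -f '%Su' "$file")
    mode=$(stat -c '%a' "$file" 2>/dev/null || stat -f '%OLp' "$file")
    [ "$owner" = "$owner_expected" ] || return 1
    go=${mode#"${mode%??}"}                  # last two octal digits: group, other
    case $go in *[2367]*) return 1 ;; esac   # 2, 3, 6 and 7 carry the write bit
    return 0
}

# Constructed sample: a typical default plus one risky 'trust' entry for a whole /8.
SAMPLE_HBA=$(mktemp)
cat > "$SAMPLE_HBA" <<'EOF'
# TYPE  DATABASE  USER      ADDRESS               METHOD
local   all       postgres                        peer
host    all       all       127.0.0.1/32          scram-sha-256
host    all       all       10.0.0.0 255.0.0.0    trust
host    all       app       ::1/128               md5
EOF
chmod 600 "$SAMPLE_HBA"

find_trust_entries "$SAMPLE_HBA" || echo "trust entries found: tighten pg_hba.conf"
check_hba_permissions "$SAMPLE_HBA" "$(id -un)" && echo "permissions OK"
```

Run it against a real cluster with `find_trust_entries /path/to/pg_hba.conf` and `check_hba_permissions /path/to/pg_hba.conf postgres`; a non-zero exit from either is the finding to act on.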

vyegorov

Reputation: 22905

Check 19.3. Authentication Methods

Upvotes: 0
