This one time, at band camp, Denis Feklushkin said:
> Any local user can completely disable NSS resolution in DB by changing
> the password to the database.
>
> Unlike mysql, postgres does not allow create a user ("role") which has
> no possibility to change own password (so-called "anonymous user").
>
> Thus, any local user can obtain password from /etc/nss-pgsql.conf,
> change it and access to the DB will be corruptedOK, I'll bite - why are you not making access to the database 'trust' in pg_hba.conf? And why is a misconfiguration of postgres a bug in nss-pgsql? Cheers, -- ----------------------------------------------------------------- | ,''`. Stephen Gran | | : :' : [email protected] | | `. `' Debian user, admin, and developer | | `- http://www.debian.org | -----------------------------------------------------------------
signature.asc
Description: Digital signature
