Iván Baldo ([EMAIL PROTECTED]) reports a bug with a severity of 2
The lower the number the more severe it is.
Short Description
Local Host Security? All users should have passwords optionally...
Long Description
I wanted to add passwords to all the users on the database, including the postgres
user, etc. Then everything is authenticated using "crypt" method, so it asks passwords
EVERYTIME.
The problem I found is that I cannot do a "pg_dumpall" anymore, since I have no way to
tell it to use the "postgres" user with a given password. It tries to use the user
"root" without password and it fails miserably!
What happens if a hacker (or worst, a cracker!) enters to the machine somehow and I
don't ask passwords for unix domain sockets? Well, it has access to all my data... Ok,
this should not happen, but I worry if it happens and I think it is important to
enforce the security a little more in Postgres. The documentation doesn't say anything
about this...
Sample Code
No file was uploaded with this report
---------------------------(end of broadcast)---------------------------
TIP 6: Have you searched our list archives?
http://www.postgresql.org/search.mpl
