On Tue, Oct 28, 2008 at 01:43:08PM +0100, Thomas wrote: > Yes this allows to login remotely through ssh for instance. But it > doesn't offer a bigger backdoor than having a weak password on a sudo > account.
In my eyes, the you've just increased the attack surface available for getting the data---you've gone from a single account to two. Having a weak password on the sudo account is still a way in, in addition to breaking the postgres password. In practical terms this should affect things materially; if you've got a strong password on the sudoers account you're likely to have a strong one on the postgres account and vice versa. Sam -- Sent via pgsql-general mailing list (pgsql-general@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-general
