Tom Lane wrote: > > Here is my personal security checklist for PostgreSQL: > > > - Check that there is no SQL function with SECURITY DEFINER. > > Uh, that seems a pretty strange restriction. Generally, if you are > actually concerned about security at the SQL-command level, you're > going to have to have some SECURITY DEFINER functions. You can't > build a Unix system without suid programs, either.
I was referring to http://archives.postgresql.org/pgsql-general/2007-02/msg00646.php I should have been more precise - I mean "functions with LANGUAGE SQL". I guess the security leak is fixed with the SET clause in CREATE FUNCTION, so this is probably obsolete. > > - Check that pg_hba.conf forbids remote connections to use "password", > > "crypt" or "ident" authentication. > > Most people think that remote "ident" is not very secure. That's what I mean. Again, I should have been more precise: - Make sure that pg_hba.conf does not permit remote connections to use "password", "crypt" or "ident" authentication. Yours, Laurenz Albe -- Sent via pgsql-general mailing list (pgsql-general@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-general
