Wed Sep 7 22:14:08 PDT 2005
- Previous message: [Slony1-general] Compile
- Next message: [Slony1-general] Forcing an existing node to copy data fresh
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Well if you do this then your data is only as secure as your system, and your system may be less secure than you think. With this setup, any user account that is compromised gives the hacker full access to your data, even if it is a very low-privilidge account. A hacker may not be able to easily get root access, but they could find their way on through a lesser account. Personally, I would not do this at all. If you need to do this, you might at least just trust the user name that your web system connects as, and then only for the database it connects to. This costs you nothing. Sebastian K?hner said: > Hi! > > Thanks for the hint with the .pgpass. This solution works for me, but > isn't > this the same like editing the pg_hba.conf like this: > > host all all 127.0.0.1 255.255.255.255 md5 > host all all 192.168.1.225 255.255.255.255 trust > host all all 192.168.1.223 255.255.255.255 trust > > That means that all postgres servers that "participate" in the replication > have to be in there (here 223 y 225). > > Does anyone of you see a security hole? I do not. The postgres web > interface > connects to "localhost"... > > Many thanks! > > Sebastian >
- Previous message: [Slony1-general] Compile
- Next message: [Slony1-general] Forcing an existing node to copy data fresh
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
More information about the Slony1-general mailing list