Re: Questions from a Newbie
John Gardner wrote:
> Hi everyone!
>
> I really am a newbie to Postgres, and I have few questions... mainly
> security orientated, which I'm hoping I can get a definitive answer on.
>
> 1) listen_addresses in postgresql.sql - The documentation states that;
>
> "...The value takes the form of a comma-separated list of host names
> and/or numeric IP addresses. The special entry * corresponds to all
> available IP interfaces. If the list is empty, the server does not
> listen on any IP interface at all, in which case only Unix-domain
> sockets can be used to connect to it. The default value is localhost,
> which allows only local "loopback" connections to be made. This
> parameter can only be set at server start."
>
> I'd like to be able to allow all users on a particular subnet to connect
> to the server using PGAdminIII and originally set the variable to:
>
> listen_addresses = 'localhost, 192.168.1.*'

Listen address is the IP address of the server. Entering * means it will
listen on any and all IP addresses assigned to all network interfaces on
the server. Unless you have multiple network cards then * or localhost
will be fine, otherwise you want the IP address of the machine running
postgresql, e.g. 192.168.1.250

The security setting you are interested in is located in the pg_hba.conf
file - this file determines who is allowed to connect to postgresql and
from what machines. You will most likely want a line like -

host all all 192.168.1.0/24 md5

The file itself contains enough info or you can read it in the docs.

> This didn't allow the server to start, so I assume this is incorrect.
> Is there any way that this can be done?
>
> 2) How do you set the default 'postgres' Login Role to have a password?
> I did what I thought was the correct way in PgAdmin to assign it a
> password, and resultant code in the SQL pane does seem like it has an
> MD5 password assigned to it, but our security scanning software still
> assures me that, "Your PostgreSQL database is not password protected.
> We could log in as the user 'postgres'."

You may have an entry in pg_hba.conf that allows non-password logins.
From the above example I gave, the md5 at the end means the client can
use md5 password encryption to log in - if this is set to trust then a
password is not required. This may be on the line with 127.0.0.1
--
Shane Ambler
pgSQL(at)Sheeky(dot)Biz
Get Sheeky @ http://Sheeky.Biz
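
Added example, not part of the original message: a small Python audit for the situation described in the reply above, listing pg_hba.conf rules whose method is trust and whose user field covers a given role. The sample file is constructed and the function names are this example's own; it assumes plain rule lines (no include directives, +group or @file user entries) and does not evaluate first-match rule order.

```python
import ipaddress
import shlex

# Methods that let a client in without proving knowledge of a password.
NO_PASSWORD = {"trust"}

def parse_hba(text):
    """Yield (lineno, type, database, user, address, method) for each rule."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = shlex.split(raw, comments=True)   # drops '#' comments
        if len(fields) < 4 or fields[0].startswith("include"):
            continue
        conn_type, database, user = fields[:3]
        if conn_type == "local":                   # Unix socket: no address
            address, method = "(unix socket)", fields[3]
        else:
            rest = fields[3:]
            address = rest[0]
            # Old style: address and netmask given as two separate fields.
            if len(rest) >= 3 and _is_ip(rest[1]):
                address = f"{rest[0]}/{rest[1]}"
                rest = rest[1:]
            if len(rest) < 2:
                continue                           # malformed line, skip
            method = rest[1]
        yield lineno, conn_type, database, user, address, method

def _is_ip(s):
    try:
        ipaddress.ip_address(s)
        return True
    except ValueError:
        return False

def passwordless_rules(text, role="postgres"):
    """Return rules that would admit `role` without a password."""
    hits = []
    for lineno, conn_type, database, user, address, method in parse_hba(text):
        users = user.split(",")
        if method in NO_PASSWORD and ("all" in users or role in users):
            hits.append((lineno, conn_type, address, method))
    return hits

SAMPLE = """\
# constructed sample pg_hba.conf
local   all   all                      trust
host    all   all   127.0.0.1/32       trust
host    all   all   192.168.1.0/24     md5
host    all   all   10.0.0.0 255.0.0.0 md5
"""

if __name__ == "__main__":
    for hit in passwordless_rules(SAMPLE):
        print("no password required: line %d, %s %s -> %s" % hit)
```

Each line it reports is a candidate to change from trust to md5, after which the server must reload its configuration for the change to take effect.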