julien piaser wrote:
>
> I'm using postgresql7.0.2 on Linux Redhat 6.1.
>
> It seems that any user can log in psql with any other user account
> without giving any password
>
> i.e: if I'm logged in a shell as julien (who is a single user, not an
> administrator) I just have to write: psql -U postgres mydatabase to go
> into mydatabase with postgres permissions, without giving any password
> (or a wrong one as well)
>
> Not really securised... any suggestions?
look at your $PG_DATA/pg_hba.conf
instead of :
local all trust
host all 127.0.0.1 255.255.255.255 trust
try something like :
local all crypt
host all 127.0.0.1 255.255.255.255 crypt
--
Mathieu Arnold
