As per the response:

"It allows anyone/anything on the local machine to connect to the database
without authentication.  Whether that impacts any particular one/thing
depends on your personal setup."

There is already one line to serve your stated purpose:
local       all      all                                trust


That's why I specifically raised this question to the PostgreSQL experts
about the entry below:
host    all             all             127.0.0.1/32            trust

So I am still not able to find a valid reason for keeping this entry.
Please help me by explaining the same.


Regards,

On Thu, Oct 26, 2023 at 11:56 PM David G. Johnston <
david.g.johns...@gmail.com> wrote:

> Always reply to the list, it is ok to CC individuals.  Also, the
> convention here is to inline post (or bottom if you must) as in my first
> reply; not top-post as you and I have done here.
>
> I'd suggest also putting into your own words what you believe the entry is
> providing/enabling.  Read the relevant documentation for aid in formulating
> such a description.
>
> It allows anyone/anything on the local machine to connect to the database
> without authentication.  Whether that impacts any particular one/thing
> depends on your personal setup.
>
> David J.
>
> On Thu, Oct 26, 2023 at 11:04 AM Atul Kumar <akumar14...@gmail.com> wrote:
>
>> Hi,
>>
>> Could you elaborate more as it seems that your response doesn't satisfy
>> my query which is "what is the exact purpose of this entry and what
>> would be the impact of removing it on other tools/processes like pgbouncer,
>> pem, replication etc  ?"
>>
>> I am yet to understand the impact of removing this entry.
>>
>>
>> Regards.
>>
>> On Thu, Oct 26, 2023 at 5:52 AM David G. Johnston <
>> david.g.johns...@gmail.com> wrote:
>>
>>> On Wed, Oct 25, 2023 at 5:11 PM Atul Kumar <akumar14...@gmail.com>
>>> wrote:
>>>
>>>> Hi,
>>>>
>>>> As you know already,  pg_hba.conf file always has the below entry after
>>>> successful installation of postgres.
>>>>
>>>> host    all             all             127.0.0.1/32            trust
>>>>
>>>>
>>>> Please let me know what is the exact purpose of this entry and what
>>>> would be the impact of removing it on other tools/processes like pgbouncer,
>>>> pem, replication etc  ?
>>>>
>>>>
>>>>
>>> While that may be a true statement for installation from source I'm
>>> pretty certain most packagers have a more tightly controlled setup that
>>> doesn't involve "trust" authentication.
>>>
>>> The reason behind choosing to include that specific line is to minimize
>>> the amount of post-install effort needed for one to connect to the server
>>> from the local machine, which is often a personal machine with only the
>>> "DBA" having access to it.
>>>
>>> The better and more widely implemented default is requiring a password
>>> for host while accepting peer for local.
>>>
>>> All external tools should be told what credentials to use to connect to
>>> the server and those credentials added to the system and a more restrictive
>>> pg_hba.conf entry added to permit those connections.  All trust connections
>>> in pg_hba.conf should be removed from it as quickly as possible.
>>>
>>> David J.
>>>
>>>
>>>

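An added example, not part of the original thread or of PostgreSQL itself: a small Python check that lists every pg_hba.conf rule using the `trust` method, covering both the `local` line and the `host ... 127.0.0.1/32` line discussed above. The sample file contents and the function names are constructed for illustration.

```python
import ipaddress
import shlex

# Connection types that carry an address field; "local" (Unix socket) does not.
HOST_TYPES = {"host", "hostssl", "hostnossl", "hostgssenc", "hostnogssenc"}

def _is_ip(value):
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False

def parse_hba(text):
    """Yield (lineno, type, database, user, address, method) for each rule."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = shlex.split(raw, comments=True)  # drops '#' comments, keeps "quoted names"
        if not fields or fields[0] not in HOST_TYPES | {"local"}:
            continue  # blank line, comment, or include directive
        if len(fields) < (4 if fields[0] == "local" else 5):
            continue  # malformed rule; the server would reject it on reload
        ctype, database, user, rest = fields[0], fields[1], fields[2], fields[3:]
        if ctype == "local":
            address, method = None, rest[0]
        elif len(rest) > 2 and _is_ip(rest[1]):  # "IP-address IP-mask" form
            address, method = f"{rest[0]} {rest[1]}", rest[2]
        else:  # CIDR, host name, or keyword such as samehost
            address, method = rest[0], rest[1]
        yield lineno, ctype, database, user, address, method

def find_trust(text):
    """Return the rules that admit connections with no authentication."""
    return [rule for rule in parse_hba(text) if rule[5] == "trust"]

# Constructed sample: the two trust lines from the thread, the same loopback
# rule written with a separate netmask, and password/peer rules for contrast.
SAMPLE = """\
# TYPE  DATABASE  USER  ADDRESS        METHOD
local   all       all                  trust
host    all       all   127.0.0.1/32   trust
host    all       all   127.0.0.1 255.255.255.255 trust
host    all       all   ::1/128        scram-sha-256
local   all       all                  peer
"""

if __name__ == "__main__":
    for lineno, ctype, db, user, addr, _ in find_trust(SAMPLE):
        print(f"line {lineno}: {ctype} db={db} user={user} addr={addr or 'unix socket'} uses trust")
```

Because the first matching rule wins, a flagged `trust` line that appears above a stricter rule for the same connection type and address takes precedence over it.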