On Sat, Aug 06, 2005 at 07:59:06PM -0700, Google Mike wrote: > As a PostgreSQL admin or developer, you may be asked to deploy a Linux > Apache PHP PostgreSQL application. As you know, and simplifying things > a great deal here, the pg_hba.conf file can be edited in approximately > 7 different ways: > > * locked down -- no access at all (usually the default) > * trust local access, any user > * trust local access, specific users > * trust remote access, any user > * trust remote access, specific users
I'd never trust remote access, not even for specific IPs, out of fear that somebody might be able to inject malicious commands using IP spoofing. SSL is a must in that situation. -- Alvaro Herrera (<alvherre[a]alvh.no-ip.org>) Y una voz del caos me habló y me dijo "Sonríe y sé feliz, podría ser peor". Y sonreí. Y fui feliz. Y fue peor. ---------------------------(end of broadcast)--------------------------- TIP 2: Don't 'kill -9' the postmaster
