--- Begin Message ---
Subject: |
[PATCH] gnu: postgres service: More secure default permissions. |
Date: |
Thu, 13 Jun 2019 15:50:37 +0200 |
This changes to 'peer' authentication for local socket connections,
and password-based authentication for local network connections.
* gnu/services/databases.scm (%default-postgres-hba): Change
authentication method.
---
gnu/services/databases.scm | 7 ++++---
1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/gnu/services/databases.scm b/gnu/services/databases.scm
index 7113f1f2a1..ec31489d48 100644
--- a/gnu/services/databases.scm
+++ b/gnu/services/databases.scm
@@ -5,6 +5,7 @@
;;; Copyright © 2017 Christopher Baines <address@hidden>
;;; Copyright © 2018 Clément Lassieur <address@hidden>
;;; Copyright © 2018 Julien Lepiller <address@hidden>
+;;; Copyright © 2019 Robert Vollmert <address@hidden>
;;;
;;; This file is part of GNU Guix.
;;;
@@ -91,9 +92,9 @@
(define %default-postgres-hba
(plain-file "pg_hba.conf"
"
-local all all trust
-host all all 127.0.0.1/32 trust
-host all all ::1/128 trust"))
+local all all peer
+host all all 127.0.0.1/32 md5
+host all all ::1/128 md5"))
(define %default-postgres-ident
(plain-file "pg_ident.conf"
--
2.20.1 (Apple Git-117)
--- End Message ---
--- Begin Message ---
Subject: |
Re: [bug#36191] [PATCH] gnu: postgres service: More secure default permissions. |
Date: |
Tue, 02 Jul 2019 17:11:38 +0200 |
User-agent: |
Gnus/5.13 (Gnus v5.13) Emacs/26.2 (gnu/linux) |
Hello,
Giovanni Biscuolo <address@hidden> skribis:
> It's very reasonable to have such default auth methods for PostgresSQL:
> we should apply this patch
Christopher Baines <address@hidden> skribis:
> I'm definitely no authority on PostgreSQL authentication, but this
> sounds sensible to me.
Alright, applied, thanks for your feedback!
Ludo’.
--- End Message ---