Re: [Gnumed-devel] removing test data

[Karsten Hilbert]

On Sat, Aug 08, 2009 at 08:57:07AM -0700, Jim Busser wrote:

> >>postgres=# alter role postgres with password '123';
> >
> >Don't do that. It will prevent Debian from doing database
> >maintenance.
> 
> I don't understand. How can the password be required to be anything
> other than something of the human sysadmin's choosing?

I did mis-express myself. I should have said: "Unless you
have made other changes making setting a password relevant
at all this (setting a password) won't help. And if you did
make that other change you prevent Debian from automatically
maintaining your databases."

> Configuring the PostgreSQL Server
> 
> First, set a strong password for the postgres role. This role
> automatically has unrestricted access to the cluster and everything
> held within those databases, so set a password for this role. To
> avoid potential risk, do this as soon as you have installed
> PostgreSQL, even if you do not currently intend to enable remote
> access, and are sure that no other users can login on the local
> system.
> 
> As the configuration defaults to ident authentication for local
> access, we must use the system account postgres to login with the
> postgres role. Enter this command at the server:
> 
> sudo postgres psql
> Once logged in to the SQL interface, set a password for the postgres
> role:
> 
> ALTER ROLE postgres WITH ENCRYPTED PASSWORD 'mypassword';
> You need this password to connect to the PostgreSQL server remotely
> with the postgres role, as described below.

Remote access should not be allowed for "postgres" at all.

Karsten
-- 
GPG key ID E4071346 @ wwwkeys.pgp.net
E167 67FD A291 2BEA 73BD  4537 78B9 A9F9 E407 1346