CHAPTER 29 SECURING POSTGRESQL METHOD: Specifies (Make web site)
CHAPTER 29 SECURING POSTGRESQL METHOD: Specifies the authentication method that applies to the specified connection rule. Several different authentication methods are available. Only the most common methods are listed here, but you can consult the online documentation for more information: trust: Allows connections for the specified rule to connect without any type of authentication or verification of the user or their password. This method is not recommended for production machines. password: Requires that a password be supplied for any connecting user. The password will be sent in plain text over the connection, so it is often recommended that this method should be used only in connection with some type of SSL arrangement. md5: Requires the connecting user to supply an MD5-encrypted password for authentication. Note that even though the password is encrypted, the connection still sends the hash via plain text, so it is not immune to sniffing-based attacks. While md5 is generally preferred over the password method, it too is best used in conjunction with some type of SSL connection. krb5: Uses Kerberos 5 to authenticate the user. This requires an external Kerberos key file and is available only for TCP/IP-based connections. pam: Authenticates the user via the Pluggable Authentication Modules service available from the operating system. ident: Authenticates users based on the connecting client s username, as determined by the operating system. You can create an optional identmap file if you want certain operating system users to be able to connect as different database users. Note that ident is not generally recommended as an authorization protocol, and therefore should be used only on machines on which the client can be well-secured. reject: Automatically rejects any connection matching the specified rule. This can sometimes be useful for filtering out certain connections from a larger group. The order in which each row is placed in the pg_hba.conf is significant because PostgreSQL will authenticate incoming connections based on the first available match it finds within the file. For this reason, you will usually find that earlier entries will have strict connection-matching parameters along with weaker authentication methods, followed by more wide-reaching connection-matching parameters alongside tougher authentication methods. A typical pg_hba.conf might look something like this: # Allow users on the local system to connect to any database under # any username using Unix domain sockets # TYPE DATABASE USER CIDR-ADDRESS METHOD local all all trust # Implement the same permissions as above, but for connections on # local loopback TCP/IP connections. (i.e. localhost) # TYPE DATABASE USER CIDR-ADDRESS METHOD host all all 127.0.0.1/32 trust
If you are searching for cheap webhost for your web application, please visit MySQL5 Web Hosting services.