D&C GLug - Home Page

[ Date Index ] [ Thread Index ] [ <= Previous by date / thread ] [ Next by date / thread => ]

Re: [LUG] Postgresql su user

 

Hi Simon

With you on the security side. So I followed the official doc and get a different message.

could not change directory to "/root"

Still its let me create the user, so hopefully this will be enough to proceed.

Thanks.



On Mon, Oct 12, 2015 at 12:10 AM, Simon Waters <simon@xxxxxxxxxxxxxx> wrote:
The instructions seem to show creating a PostgreSQL superuser and entering that users details into a web form.

Perhaps Bad Apple's paranoia is rubbing off, but what the heck do they think they are playing at? Creating a database, create a user, grant all perms to the database user, is pretty weak security-wise, but at least those apps (Wordpress I'm looking at you) usually leak only their own data when they mess up.

This is the kind of install where one blunder in their logic and your machine is rooted.

The official install guides says "n" to superuser. Probably start again from there time.




--
The Mailing List for the Devon & Cornwall LUG
http://mailman.dclug.org.uk/listinfo/list
FAQ: http://www.dcglug.org.uk/listfaq


-- 
The Mailing List for the Devon & Cornwall LUG
http://mailman.dclug.org.uk/listinfo/list
FAQ: http://www.dcglug.org.uk/listfaq