From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from eggs.gnu.org ([2001:470:142:3::10]:41714)
 by lists.gnu.org with esmtp (Exim 4.86_2)
 (envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1hgzJk-00008m-Eg
 for guix-patches@gnu.org; Fri, 28 Jun 2019 18:26:07 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
 (envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1hgzJi-0003sd-6F
 for guix-patches@gnu.org; Fri, 28 Jun 2019 18:26:04 -0400
Received: from debbugs.gnu.org ([209.51.188.43]:57830)
 by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16)
 (Exim 4.71) (envelope-from <Debian-debbugs@debbugs.gnu.org>)
 id 1hgzJi-0003sT-3K
 for guix-patches@gnu.org; Fri, 28 Jun 2019 18:26:02 -0400
Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2)
 (envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1hgzJh-0006UA-Th
 for guix-patches@gnu.org; Fri, 28 Jun 2019 18:26:01 -0400
Subject: [bug#36191] [PATCH] gnu: postgres service: More secure default
 permissions.
Resent-Message-ID: <handler.36191.B36191.156176073724892@debbugs.gnu.org>
References: <20190613135037.10645-1-rob@vllmrt.net> <874l4dlll0.fsf@gnu.org>
From: Christopher Baines <mail@cbaines.net>
In-reply-to: <874l4dlll0.fsf@gnu.org>
Date: Fri, 28 Jun 2019 23:25:31 +0100
Message-ID: <871rzdmjok.fsf@cbaines.net>
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-=";
 micalg=pgp-sha512; protocol="application/pgp-signature"
List-Id: <guix-patches.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/guix-patches>,
 <mailto:guix-patches-request@gnu.org?subject=unsubscribe>
List-Archive: <https://lists.gnu.org/archive/html/guix-patches>
List-Post: <mailto:guix-patches@gnu.org>
List-Help: <mailto:guix-patches-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/guix-patches>,
 <mailto:guix-patches-request@gnu.org?subject=subscribe>
Errors-To: guix-patches-bounces+kyle=kyleam.com@gnu.org
Sender: "Guix-patches" <guix-patches-bounces+kyle=kyleam.com@gnu.org>
To: Ludovic =?UTF-8?Q?Court=C3=A8s?= <ludo@gnu.org>
Cc: 36191@debbugs.gnu.org, Robert Vollmert <rob@vllmrt.net>

--=-=-=
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable


Ludovic Court=C3=A8s <ludo@gnu.org> writes:

> Hello,
>
> Robert Vollmert <rob@vllmrt.net> skribis:
>
>> This changes to 'peer' authentication for local socket connections,
>> and password-based authentication for local network connections.
>>
>> * gnu/services/databases.scm (%default-postgres-hba): Change
>> authentication method.
>
> That sounds reasonable to me.  Chris, WDYT?

I'm definitely no authority on PostgreSQL authentication, but this
sounds sensible to me.

--=-=-=
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEEPonu50WOcg2XVOCyXiijOwuE9XcFAl0Wk9tfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDNF
ODlFRUU3NDU4RTcyMEQ5NzU0RTBCMjVFMjhBMzNCMEI4NEY1NzcACgkQXiijOwuE
9XcG8BAAua1MZ3iO/lBa4lHEaUSgZsYljdSbWdnNkvQnGrKGqfIPxfO3r/VD6FeX
wp9pclj0az0Hm5RsQ1tFffooUY8CdEi/oTw4Jxk/9uEArC2JKsd4vgSsLgXtpaut
uaS2tlGI2OoHuy27O3tDYigYsg54T7cID6ZEOfj6l54RZiTei1wWLMwEj4CNIQi/
JKqQJoY/A0MVatUWoqxgniGG4uiFVVD2ZAkXk0S/gWmqS1VcPma02TLLhV/h21Ng
DhVaO2ltJsX0RGHJ7SDybNbXHs6Qf6fewS36CkTN8C6Xgds717ohELXlTCnzBnQh
bypVBM7kHL+l5q3k3NLsALWFHkpeUzV4cABpUkcYaR72nIHdkxoy+snIGwFEKJst
LiE1U5FgNvtWinT7f7BXSE4BWf+tR6uhyoeuqaLJM7kcwDqK8rPnjm6YoCKT6AO8
66T2QY/paQQHvb0NWHUh7DbBbq1P+E9t5MuKyZ4E3Bp1+nHrr4ESRvXKKsAusjzs
ivWy/aYVRURYyudryfIp2JpcKktjh05dvfD6srld87FcTGqncIMQXQB29AQDOG7Y
kLehHIWijKFrIpxdapl2VOEJPCgUrZ3qA/A4xSLXw59lMpfczKmM6J/L0kW5GPw+
SbB30ALaKUxbMBWqieFA8mabWXobs/6hwU7nC/ZMHqrsthW+R0g=
=klXG
-----END PGP SIGNATURE-----
--=-=-=--