Is PostgreSQL peer-to-peer authentication secure for production?
PostgreSQL Peer-to-Peer Authentication is the source of many questions on this website, but once you understand how it works, it looks pretty amazing.
For example, I can connect my application to a development database without providing a username and password.
So my question is, can I use peer-to-peer authentication on the production server? Is it safe enough?
Many thanks.
peer is very useful for many kinds of deployments - for example, when you want to allow users to log in with local unix user accounts and get quick access to the database as the appropriate PostgreSQL user.

This is not very convenient for webapps, because you usually want each webapp to have its own user. Therefore, you usually use md5 for them.

I often combine them. For webapps, md5, allowed only to their private DBs - preferably over local if the driver supports it, otherwise via host connections from localhost. Allow peer for local users for any DB, including webapp databases. If you only want to have one user in each DB (so you can ignore permissions, which I don't recommend, but I know some people do), you can use pg_ident.conf mapping so that people can authenticate through peer as a user other than their default user name.

Then you can add hostssl connections from the outside world via md5, or gssapi (Kerberos) or sspi if it is a Windows DB host.

Authentication methods are not all or nothing. There's a reason it's easy to provide a list of alternatives and have the first suitable one chosen.
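One pg_hba.conf and pg_ident.conf layout that matches the mix described in this answer, written here as an added example rather than taken from the original post; the role webapp, database webapp_db, unix user alice and map name localusers are made-up names:

```conf
# pg_hba.conf (added example). Rules are matched top to bottom; the first
# line whose type, database, user and address all match decides the method.
#
# TYPE  DATABASE    USER     ADDRESS        METHOD

# Webapp role may reach only its own database, over the unix socket,
# and must present a password.
local   webapp_db   webapp                  md5
# Same role and database for drivers that cannot use the socket:
# TCP from localhost only, still password-authenticated.
host    webapp_db   webapp   127.0.0.1/32   md5
host    webapp_db   webapp   ::1/128        md5

# Local unix users get into any database (webapp databases included)
# as whichever role the "localusers" map in pg_ident.conf allows.
local   all         all                     peer map=localusers

# Everything from outside the host must arrive over TLS with a password;
# there is deliberately no plaintext "host" line for remote addresses.
hostssl all         all      0.0.0.0/0      md5
hostssl all         all      ::/0           md5
# Kerberos sites would use the method name "gss" instead of md5 on the
# hostssl lines ("sspi" on a Windows database host).

# pg_ident.conf (added example): which unix user may connect as which role.
# MAPNAME     SYSTEM-USERNAME   PG-USERNAME
localusers    /^(.*)$           \1        # every unix user as the same-named role
localusers    alice             webapp    # alice may additionally connect as webapp
```

Because the webapp lines come first, the webapp role itself is always password-checked and confined to webapp_db, while peer only applies to the other local connections; newer PostgreSQL releases also offer scram-sha-256 as a stronger replacement for md5 on the same lines.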