Return-Path: postarch
Received: by postgres.Berkeley.EDU (5.61/1.29)
	id AA27995; Mon, 23 Dec 91 09:59:51 -0800
Message-Id: <9112231759.AA27995@postgres.Berkeley.EDU>
From: postarch (Postgres Mailing Archive)
Subject: Re: STANDALONE INSTALLATION???
To: postgres@postgres.berkeley.edu
Sender: pg_adm@postgres.berkeley.edu
Reply-To: mer@postgres.berkeley.edu
In-Reply-To: Your message of "Fri, 20 Dec 91 15:55:39 EST."
             <9112201555.aa28253@Jade.Tufts.EDU> 
Date: Mon, 23 Dec 91 09:59:34 PST

you write:
> 
> >>You can have exclusive access to Postgres just by not adding any users 
> >>except yourself.  Only people explicitly added via createuser are permitted
> >>to use the system.
> 
> I have a quick question about that. Because postgres does not do any kind
> of network security check, can't anyone on the network who knows that
> you're running postgres, compile libpq and access any of the postgres
> data.

You are correct.  We have yet to get serious about security in Postgres.
It would be prudent for anyone who keeps important data in Postgres to make
frequent backups.


Jeff Meredith
mer@postgres.berkeley.edu