Formed in 2009, the Archive Team (not to be confused with the archive.org Archive-It Team) is a rogue archivist collective dedicated to saving copies of rapidly dying or deleted websites for the sake of history and digital heritage. The group is 100% composed of volunteers and interested parties, and has expanded into a large amount of related projects for saving online and digital history.
Join GitHub today
GitHub is home to over 50 million developers working together to host and review code, manage projects, and build software together.
Sign upGitHub is where the world builds software
Millions of developers and companies build, ship, and maintain their software on GitHub — the largest and most advanced development platform in the world.
Question about security on development-machine #594
Comments
|
By default, Postgres.app creates a server with the following settings:
The goal is to make it easy for local development. It does make you vulnerable to attackers that have partial access to your computer, eg. a sandboxed app could access your sensitive data or use Postgres.app for privilege escalation. If you want to improve security, setting a password for all users is a good idea. You also need to edit pg_hba.conf to change the authentication settings. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Hi Gys,
What is best practice for security on a local development-machine?
One role for each database?
sometimes, it is helpful to drag a dump from production to development for finding errors.
But, in that case, there may be sensitibe data on the dev-machine.
if anyone hacks my notebook, he has all sensitive data - and if he is a professinal all is lost - clearly.
But, would that make sense, in Postgres-App?
Best Regards,
Christian