Skip to content

Service checking most obvious security mistakes in pg_hba.conf #374

Description

@Krysztophe

We could check some obvious security problems in pg_hba_file_rules , eg:

  • existence of trust or password method (CRITICAL)
  • md5 instead of scram (WARNING ?)
  • syntax error in pg_hba.conf (CRITICAL)

Some others could be activated with options (host instead of hostnossl, 0.0.0.0 address…), and a perfectly configurable setup is probably an illusion, but a very basic service would already be already useful.

Metadata

Metadata

Assignees

No one assigned

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions