projects / phppgadmin.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 5ed1d2a)
note about superuser password security
authorchriskl <chriskl>
Fri, 12 Sep 2003 08:24:58 +0000 (08:24 +0000)
committerchriskl <chriskl>
Fri, 12 Sep 2003 08:24:58 +0000 (08:24 +0000)
INSTALL patch | blob | blame | history

diff --git a/INSTALL b/INSTALL
index 4d014fb6d4ea8ac07080e8db08c0c7b8343ec57d..7429883a37345b0951ed0760ffcc4c86c3a9efa8 100644 (file)
--- a/INSTALL
+++ b/INSTALL
@@ -21,3 +21,13 @@ phpPgAdmin Installation Guide
 4. Browse to the phpPgAdmin installation using a web browser.  You must
    have cookies enabled for phpPgAdmin to work.
 
+5. IMPORTANT - SECURITY
+
+   PostgreSQL by default does not require you to use a password to log in.
+   This means that if you set up phpPgAdmin where the world can see it,
+   someone could just come along and type username 'postgres' or 'pgsql'
+   with no password and easily log in as a super user.
+
+   We STRONGLY recomment that you enable md5 passwords for local connections
+   in your pg_hba.conf, and set a password for the default superuser account.
+
phpPgAdmin is the premiere web based administration tool for PostgreSQL.