Re: [awips2-users] Default postgresql hba.conf is scary

[Michael James <mjames@xxxxxxxxxxxxxxxx>]

Actually I remove all but my own network entries in this file.  Or, I 
used to, and have some times, but not always.

What I mean is, thank you for bringing this up as it's another thing I 
can wrap up in the awips2-edex-upc configuration RPM on next release.

-Michael


On 10/04/2013 02:54 PM, daryl herzmann wrote:
> Hi AWIPSII List,
>
> "Attempting to get first post! :)"
>
> I notice that the default postgresql hba.conf is scary, with trust 
> allows permitted from many locations by default.
>
> host    fxatext     all         127.0.0.1/32          trust
> host    fxatext     all         129.186.187.0/24       trust
> host    fxatext     all         147.18.139.0/24       trust
> host    fxatext     all         162.0.0.0/8           trust
> host    hd_ob83oax  all         127.0.0.1/32          trust
> host    hd_ob83oax  all         129.186.187.0/24       trust
> host    hd_ob83oax  all         147.18.139.0/24       trust
> host    hd_ob83oax  all         162.0.0.0/8           trust
> host    dc_ob7oax   all         127.0.0.1/32          trust
> host    dc_ob7oax   all         129.186.187.0/24       trust
> host    dc_ob7oax   all         147.18.139.0/24       trust
> host    dc_ob7oax   all         162.0.0.0/8           trust
> host    hmdb        all         127.0.0.1/32          trust
> host    hmdb        all         129.186.187.0/24       trust
> host    hmdb        all         147.18.139.0/24       trust
> host    hmdb        all         162.0.0.0/8           trust
> host    ebxml       all         127.0.0.1/32          trust
> host    ebxml       all         129.186.187.0/24       trust
> host    ebxml       all         147.18.139.0/24       trust
> host    ebxml       all         162.0.0.0/8           trust
>
> Ahhhhhhhhhh, this makes me worried about the overall security of AWIPS 
> II! Will this be cleaned up at some point or it is just something 
> expected for admins to do?
>
> daryl