Closed
Description
It might be more reasonable to replace the following line in pg_hba
echo 'host all all 0.0.0.0/0 trust';
with
echo 'host all all 0.0.0.0/0 md5';
Because the current configuration simply enables anyone in the world to connect to the database with no authentication whatsoever, which is really a very serious security problem because it is very likely that someone might leave the default setting of the image!
Quoting PostgreSQL documentation
trust
Allow the connection unconditionally. This method allows anyone that can connect to the PostgreSQL database server to login as any PostgreSQL user they wish, without the need for a password or any other authentication.
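
Added example, not part of the original issue or of the image's own code: a small Python check that parses pg_hba.conf-style lines and reports every `trust` rule that applies to a non-loopback address, such as the `0.0.0.0/0` line quoted above. The function names and the sample configuration are constructed for illustration.

```python
import ipaddress

HOST_TYPES = {"host", "hostssl", "hostnossl", "hostgssenc", "hostnogssenc"}

def parse_rule(line):
    """Return (type, address, method) for one pg_hba.conf line, or None."""
    # Simplification (assumption): '#' always starts a comment, no quoted fields.
    fields = line.split("#", 1)[0].split()
    if not fields:
        return None
    if fields[0] == "local" and len(fields) >= 4:
        return ("local", None, fields[3])      # Unix socket: no address column
    if fields[0] not in HOST_TYPES or len(fields) < 5:
        return None
    address, method = fields[3], fields[4]
    # Two-column form: "IP-address IP-mask auth-method"
    if "/" not in address and len(fields) >= 6:
        try:
            net = ipaddress.ip_network(f"{address}/{fields[4]}", strict=False)
            address, method = str(net), fields[5]
        except ValueError:
            pass  # fields[4] was the auth method, fields[5] an auth option
    return (fields[0], address, method)

def is_loopback_only(address):
    """True only for CIDR ranges that lie entirely inside loopback space."""
    try:
        return ipaddress.ip_network(address, strict=False).is_loopback
    except ValueError:
        return False  # keyword (all, samenet, ...) or hostname: treat as remote

def audit(conf_text):
    """Return [(line_no, address, method)] for network-reachable trust rules."""
    findings = []
    for no, line in enumerate(conf_text.splitlines(), 1):
        rule = parse_rule(line)
        if rule and rule[0] != "local" and rule[2] == "trust" \
                and not is_loopback_only(rule[1]):
            findings.append((no, rule[1], rule[2]))
    return findings

# Constructed sample configuration, not taken from the image.
SAMPLE = """\
# constructed sample
local   all all                    trust
host    all all 127.0.0.1/32       trust
host    all all ::1/128            trust
host    all all 0.0.0.0/0          trust
host    all all 10.0.0.0 255.0.0.0 trust
host    all all 0.0.0.0/0          md5
"""

if __name__ == "__main__":
    for no, address, method in audit(SAMPLE):
        print(f"line {no}: {method} for {address} requires no authentication")
```
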