Yes, that is a configuration that you should generally avoid outside of very limited special cases:
> trust
>
> Allow the connection unconditionally. This method allows anyone that can connect to the PostgreSQL database server to login as any PostgreSQL user they wish, without the need for a password or any other authentication.
>
> [..]
>
> trust authentication is only suitable for TCP/IP connections if you trust every user on every machine that is allowed to connect to the server by the pg_hba.conf lines that specify trust. It is seldom reasonable to use trust for any TCP/IP connections other than those from localhost (127.0.0.1).
Note that allowing connections without providing any password may already be the case, as many distributions default to authenticating connections via Unix sockets as the connecting user. That would typically result in the www-data system user being able to use the www-data postgres user without a password. Check the rest of your authentication configuration to see if this is the case.
Recommendation: Provision password or certificate authentication; do not proceed with the trust option.
Note also that limiting something to loopback addresses only is generally not a sufficiently secure guarantee against external access. There is a long history of loopback-bound services being accessed through other software acting as an unintended proxy.
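One way to run the "check the rest of your authentication configuration" step is a small pg_hba.conf audit, shown here as an added example that is not part of the original answer. The function name, the severity labels and the sample rules are assumptions made for illustration; hostnames and keywords such as `samenet` are treated as non-loopback.

```python
import ipaddress
import shlex

HOST_TYPES = {"host", "hostssl", "hostnossl", "hostgssenc", "hostnogssenc"}

def _is_loopback(addr):
    """True only if addr parses as a network lying wholly in loopback space."""
    try:
        return ipaddress.ip_network(addr, strict=False).is_loopback
    except ValueError:  # hostname, "all", "samenet", ...: assume reachable
        return False

def _is_ip(value):
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False

def audit_pg_hba(text):
    """Return (line_no, severity, rule) for rules that require no password."""
    findings = []
    for no, raw in enumerate(text.splitlines(), 1):
        f = shlex.split(raw, comments=True)  # drops '#' comments, honours quotes
        if len(f) >= 4 and f[0] == "local":
            addr, method = None, f[3]
        elif len(f) >= 5 and f[0] in HOST_TYPES:
            # The address is either CIDR or an IP followed by a separate netmask.
            if len(f) >= 6 and _is_ip(f[4]):
                addr, method = f"{f[3]}/{f[4]}", f[5]
            else:
                addr, method = f[3], f[4]
        else:
            continue  # blank line, include directive or malformed rule
        if method == "trust":
            remote = addr is not None and not _is_loopback(addr)
            findings.append((no, "high" if remote else "medium", " ".join(f)))
        elif method in ("peer", "ident"):  # OS user name maps to a role, no password
            findings.append((no, "info", " ".join(f)))
    return findings

# Constructed sample rules, not taken from any real server.
SAMPLE = """\
# TYPE  DATABASE  USER      ADDRESS                    METHOD
local   all       all                                  peer
host    all       all       127.0.0.1/32               trust
host    app       www-data  10.0.0.0/8                 trust
host    all       all       192.168.1.0 255.255.255.0  trust
hostssl all       all       0.0.0.0/0                  scram-sha-256
"""

if __name__ == "__main__":
    for finding in audit_pg_hba(SAMPLE):
        print(finding)
```

Loopback `trust` rules are reported as "medium" rather than ignored, since a loopback-bound service can still be reached through other software acting as an unintended proxy.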