We're updating the issue view to help you get more done. 

PostgreSQL authentication is too open

Description

Since Wazo 19.12, PostgreSQL pg_hba.conf file authorizes password-authenticated connections for every account.

We need to restrict as much as possible the PostgreSQL authentication methods in order to reduce the potential attack surface of a Wazo Platform.

Environment

None

Assignee

Sébastien Duthil

Reporter

Sébastien Duthil

Labels

Approvers

François Blackburn

Pair

None

Sprint

None

Fix versions

Priority

Medium
Configure