PostgreSQL image is open to the world

[itn3rd77]

Hi,

is there any good reason I am not aware of why this postgres installation should be open to the world by this line inside docker-entrypoint.sh:

host all all 0.0.0.0/0 trust

Isn't it a better way to allow the postgres user to authenticate via password and set a default password once at startup. This way the password can be changed after starting the container via psql.

Best regards

Ingo

[yosifkit]

That is a file in the volume and thus configurable or replaceable by the user. Besides, all containers are inside the NAT and only exposed to external networking with -p on run.

You can also disable icc to prevent all containers from talking to it as well (excepting those connected with --link). https://docs.docker.com/articles/networking/

[tianon]

Indeed, I'd echo what @yosifkit has said - if you disable inter-container-communication via --icc=false on your daemon, don't expose ports (with either -p or -P), then only --linked containers can connect.

[itn3rd77]

Thanks for your comments and opinion on this.