19.4. Trust Authentication
Whentrust authentication is specified,Postgres Pro assumes that anyone who can connect to the server is authorized to access the database with whatever database user name they specify (even superuser names). Of course, restrictions made in thedatabase anduser columns still apply. This method should only be used when there is adequate operating-system-level protection on connections to the server.
trust authentication is appropriate and very convenient for local connections on a single-user workstation. It is usuallynot appropriate by itself on a multiuser machine. However, you might be able to usetrust even on a multiuser machine, if you restrict access to the server's Unix-domain socket file using file-system permissions. To do this, set theunix_socket_permissions (and possiblyunix_socket_group) configuration parameters as described inSection 18.3. Or you could set theunix_socket_directories configuration parameter to place the socket file in a suitably restricted directory.
Setting file-system permissions only helps for Unix-socket connections. Local TCP/IP connections are not restricted by file-system permissions. Therefore, if you want to use file-system permissions for local security, remove thehost ... 127.0.0.1 ... line frompg_hba.conf, or change it to a non-trust authentication method.
trust authentication is only suitable for TCP/IP connections if you trust every user on every machine that is allowed to connect to the server by thepg_hba.conf lines that specifytrust. It is seldom reasonable to usetrust for any TCP/IP connections other than those fromlocalhost (127.0.0.1).