Added some comments about PostgreSQL password usage with Mir.

diff --git a/doc/INSTALL.mir b/doc/INSTALL.mir
index fdc33f9..58d747d 100755 (executable)
--- a/doc/INSTALL.mir
+++ b/doc/INSTALL.mir
@@ -77,6 +77,36 @@ Do not put any JkMount lines into your httpd.conf!
 If mod_jk.conf-auto doesn't get written or is 0 bytes in size, check your
 system for file ownership/permissions problems.
 
+
+12. Add a password to your PostgreSQL user and link it to Mir (optional)
+
+Add a hard to guess password to the PostgreSQL user database:
+
+# psql -U postgres Mir
+alter user postgres with password 'yourpassword';
+
+
+Then, in /etc/postgresql/pg_hba.conf you should make sure that nobody can
+use the database without a password:
+
+local           all                                                                               password
+host         all         127.0.0.1     255.0.0.0           password
+host         all         0.0.0.0       0.0.0.0             reject
+
+
+Then, change the database password line in config.properties:
+
+Database.Username=postgres
+Database.Password=yourpassword
+
+You should make sure that no copy of config.properties (neither in mir nor
+in Mir/src nor in Mir/WEB-INF/classes) is world-readable. Else you wouldn't
+have to install a password, anyway.
+
+If you can't access PostgreSQL after this for any reason, try to change
+"password" in /etc/postgresql/pg_hba.conf into "trust". This should disable
+any authentication method and make the database accessible again.
+
 that's it :)
 
 now the admin-application is accesable via: