| From: | "Gene Sokolov" <hook(at)aktrad(dot)ru> |
|---|---|
| To: | "Bruce Momjian" <maillist(at)candle(dot)pha(dot)pa(dot)us> |
| Cc: | <pgsql-hackers(at)postgreSQL(dot)org> |
| Subject: | Re: [HACKERS] Updated TODO list |
| Date: | 1999-07-15 07:16:46 |
| Message-ID: | 050801bece91$ffd4aba0$0d8cdac3@aktrad.ru |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
From: Bruce Momjian <maillist(at)candle(dot)pha(dot)pa(dot)us>
> > > I think the original point was that some people use the same or
related
> > > passwords for psql as for their login password.
> >
> > This may sound cold, but isn't that their own problem. I can remmeber
> > being told the first time i needed a passwd "don't reuse this" .
> > There should come a tiem when people take their own security a little
> > more into their own hands, but hey that's just me :)
>
> This may be the issue. If we decided the postgres user has to be able
> to know the password, we are stuck requiring people to use a different
> password for the database if the postgres user is not trusted as much as
> the system owner.
Assuming that people have limited memory, they really have only two
choices - reuse passwords, possibly with some modifications, or write
passwords down. I think the first choice is the lesser evil.
There are perfect solutions to the authentication problem. It's just a
matter of accepting one of these solutions.
Gene Sokolov
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Zeugswetter Andreas IZ5 | 1999-07-15 07:35:17 | Re: [HACKERS] Re: Arrays versus 'type constant' syntax |
| Previous Message | Gene Sokolov | 1999-07-15 07:06:04 | Re: [HACKERS] Updated TODO list |