From: | "Gene Sokolov" <hook(at)aktrad(dot)ru> |
---|---|
To: | "Bruce Momjian" <maillist(at)candle(dot)pha(dot)pa(dot)us> |
Cc: | <pgsql-hackers(at)postgreSQL(dot)org> |
Subject: | Re: [HACKERS] Updated TODO list |
Date: | 1999-07-15 07:16:46 |
Message-ID: | 050801bece91$ffd4aba0$0d8cdac3@aktrad.ru |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-hackers |
From: Bruce Momjian <maillist(at)candle(dot)pha(dot)pa(dot)us>
> > > I think the original point was that some people use the same or
related
> > > passwords for psql as for their login password.
> >
> > This may sound cold, but isn't that their own problem. I can remmeber
> > being told the first time i needed a passwd "don't reuse this" .
> > There should come a tiem when people take their own security a little
> > more into their own hands, but hey that's just me :)
>
> This may be the issue. If we decided the postgres user has to be able
> to know the password, we are stuck requiring people to use a different
> password for the database if the postgres user is not trusted as much as
> the system owner.
Assuming that people have limited memory, they really have only two
choices - reuse passwords, possibly with some modifications, or write
passwords down. I think the first choice is the lesser evil.
There are perfect solutions to the authentication problem. It's just a
matter of accepting one of these solutions.
Gene Sokolov
From | Date | Subject | |
---|---|---|---|
Next Message | Zeugswetter Andreas IZ5 | 1999-07-15 07:35:17 | Re: [HACKERS] Re: Arrays versus 'type constant' syntax |
Previous Message | Gene Sokolov | 1999-07-15 07:06:04 | Re: [HACKERS] Updated TODO list |