From: | Peter Eisentraut <peter_e(at)gmx(dot)net> |
---|---|
To: | Magnus Hagander <magnus(at)hagander(dot)net> |
Cc: | PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org> |
Subject: | Re: Indent authentication overloading |
Date: | 2010-11-17 16:31:51 |
Message-ID: | 1290011511.18541.4.camel@vanquo.pezone.net |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-hackers |
On ons, 2010-11-17 at 16:35 +0100, Magnus Hagander wrote:
> Currently, we overload "indent" meaning both "unix socket
> authentication" and "ident over tcp", depending on what type of
> connection it is. This is quite unfortunate - one of them being one of
> the most secure options we have, the other one being one of the most
> *insecure* ones (really? ident over tcp? does *anybody* use that
> intentionally today?)
>
> Should we not consider naming those two different things?
The original patch called the Unix domain socket version "peer" (whereas
the name "ident" comes from the official name of the TCP/IP protocol
used). You can look it up in the archives, but I believe the argument
for using the name "ident" for both was because "ident" was established
and the new feature would provide the same functionality.
That said, I completely agree with you. Every time I look through a
pg_hba.conf I think, that's a terrible name, we should rename this.
We could perhaps introduce an alternative name and slowly deprecate the
original one.
From | Date | Subject | |
---|---|---|---|
Next Message | Kevin Grittner | 2010-11-17 16:48:36 | Re: unlogged tables |
Previous Message | Jeroen Vermeulen | 2010-11-17 16:10:45 | Re: Indent authentication overloading |