| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | "Pedro Fonseca" <pedro(dot)fonseca(at)netcabo(dot)pt> |
| Cc: | pgsql-admin(at)postgresql(dot)org |
| Subject: | Re: Authorization problem |
| Date: | 2001-10-05 18:11:16 |
| Message-ID: | 17419.1002305476@sss.pgh.pa.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-admin |
"Pedro Fonseca" <pedro(dot)fonseca(at)netcabo(dot)pt> writes:
> I mean, this is what the 'trust' AUTHTYPE does!
Quite.
> Isn't this a bad thing?
If you don't trust the users on your local machine, you can't use
"trust" authtype for local connections. It's as simple as that.
The reason why there's not an equivalent of "ident" auth for local
socket connections is that most platforms don't provide any way to
find out who owns the other end of a local socket connection.
You're wasting your breath to complain to the Postgres developers
about an OS-level deficiency. I'd suggest using ident and TCP/IP.
You can set PGHOST=127.0.0.1 in your environment so you don't need to
think about what kind of connection you are using.
BTW, PG 7.2 will support ident-like auth on local connections for
a small number of platforms where there is such a facility. But
that doesn't help you today, and won't ever help you if you're not
on one of those platforms.
regards, tom lane
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Oleg Lebedev | 2001-10-05 18:25:06 | Postmaster startup |
| Previous Message | Mikheev, Vadim | 2001-10-05 17:18:34 | Re: Redo record at high number |