Re: Automated database backups and authentication

From: Andrew Sullivan <andrew(at)libertyrms(dot)info>
To: pgsql-admin(at)postgresql(dot)org
Subject: Re: Automated database backups and authentication
Date: 2002-08-07 14:51:49
Message-ID: 20020807105149.D18589@mail.libertyrms.com
Lists: pgsql-admin

On Tue, Aug 06, 2002 at 11:34:58PM +0200, Artur Pietruk wrote:
> On Tue, Aug 06, 2002 at 11:39:03AM -0700, Darren McClelland wrote:
> > Thanks, that's an idea. I'd always been thinking of ident as unreliable, but
> > if I control the authenticating server then it's something usable. At least I
> [cut]
>
> Well, if you want to use ident that way, then you have to trust not
> only those two servers, but all hosts in their network segments - do not
> forget about ARP poisoning.
>
> I think that in your setup it would be better to do crypt-auth
> and:
>
> - use PGPASSWORD environment variable, just set it before you execute

If you're worried about people poisoning arp, &c., then you'd have to
be mad to put a password in an environment variable.

If you have this sort of security problem, use Kerberos. It's what
it was designed to solve.

A

--
----
Andrew Sullivan 87 Mowat Avenue
Liberty RMS Toronto, Ontario Canada
<andrew(at)libertyrms(dot)info> M6K 3E3
+1 416 646 3304 x110
