| From: | Bruno Wolff III <bruno(at)wolff(dot)to> |
|---|---|
| To: | "Shridhar Daithankar<shridhar_daithankar(at)persistent(dot)co(dot)in>" <shridhar_daithankar(at)persistent(dot)co(dot)in> |
| Cc: | pgsql-general <pgsql-general(at)postgresql(dot)org> |
| Subject: | Re: Handling users |
| Date: | 2003-02-18 14:17:14 |
| Message-ID: | 20030218141714.GB11505@wolff.to |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
On Tue, Feb 18, 2003 at 19:13:51 +0530,
"Shridhar Daithankar<shridhar_daithankar(at)persistent(dot)co(dot)in>" <shridhar_daithankar(at)persistent(dot)co(dot)in> wrote:
>
> I don't want to do that unless that is last option. And yes, the application
> and database are on same machine and it will be unix domain socket only for
> security reasons. ( I mean just trying to be paranoid. The application is on
> company intranet but why take chance?)
If you are using domain sockets and the OS supports it, why wouldn't you
want to use ident authentication?
The other option is to use password authentication and make sure you keep
the binaries secret so people can't find out what the passwords are. In
most cases I would expect password authentication to be higher risk than
ident authentication when you only allow connections through domain sockets.
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Greg Sabino Mullane | 2003-02-18 14:52:34 | TIP #5 has a bad URI |
| Previous Message | Shridhar Daithankar<shridhar_daithankar@persistent.co.in> | 2003-02-18 14:11:38 | Re: Handling users |