| From: | Bruce Momjian <bruce(at)momjian(dot)us> |
|---|---|
| To: | Alvaro Herrera <alvherre(at)2ndquadrant(dot)com> |
| Cc: | Volker Aßmann <volker(dot)assmann(at)gmail(dot)com>, Josh Berkus <josh(at)agliodbs(dot)com>, Stephen Frost <sfrost(at)snowman(dot)net>, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Andrew Dunstan <andrew(at)dunslane(dot)net>, "pgsql-hackers(at)postgresql(dot)org" <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: Disabling trust/ident authentication configure option |
| Date: | 2015-05-18 20:01:29 |
| Message-ID: | 20150518200129.GJ9458@momjian.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On Mon, May 18, 2015 at 05:00:41PM -0300, Alvaro Herrera wrote:
> Bruce Momjian wrote:
> > On Mon, May 18, 2015 at 09:32:23PM +0200, Volker Aßmann wrote:
>
> > > But I like the more general approach proposed by Alvaro, so in case this patch
> > > would have a chance to not be immediately rejected, I would try to implement
> > > the more generic approach. I would also include a check to ensure at least one
> > > reasonably secure way for password recovery is available. For Unix systems
> > > "peer" authentication seems to be a good candidate.
> >
> > Likely to be rejected.
>
> Why?
Because, as Josh stated, it is more of a bandaid rather than a fix ---
we can't protect administrators against themselves in this way without
causing a lot of confusion.
--
Bruce Momjian <bruce(at)momjian(dot)us> http://momjian.us
EnterpriseDB http://enterprisedb.com
+ Everyone has their own god. +
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Andrew Dunstan | 2015-05-18 20:02:32 | Re: jsonb concatenate operator's semantics seem questionable |
| Previous Message | Alvaro Herrera | 2015-05-18 20:00:41 | Re: Disabling trust/ident authentication configure option |