From: | Stephen Frost <sfrost(at)snowman(dot)net> |
---|---|
To: | Alvaro Herrera <alvherre(at)2ndquadrant(dot)com> |
Cc: | Josh Berkus <josh(at)agliodbs(dot)com>, Volker Aßmann <volker(dot)assmann(at)gmail(dot)com>, Robert Haas <robertmhaas(at)gmail(dot)com>, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Andrew Dunstan <andrew(at)dunslane(dot)net>, "pgsql-hackers(at)postgresql(dot)org" <pgsql-hackers(at)postgresql(dot)org> |
Subject: | Re: Disabling trust/ident authentication configure option |
Date: | 2015-05-20 18:09:17 |
Message-ID: | 20150520180917.GL26667@tamriel.snowman.net |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-hackers |
* Alvaro Herrera (alvherre(at)2ndquadrant(dot)com) wrote:
> Josh Berkus wrote:
>
> > As such, proposals are more likely to be successful if the proposer can
> > show how they apply to a general use case, or adapt them so that they
> > are useful to a large number of our users. This means that "this works
> > in our environment which has conditions X, Y, and Z" is not an effective
> > argument, unless you can follow it up with "... and here's the reason
> > why [large class of users] also has conditions X, Y and Z."
>
> The proposal here is to have a configure argument that disables
> arbitrary auth mechanisms. How is that specific to a particular
> environment?
For my 2c, I'm still a fan of the general idea.. I still view 'trust'
as appropriate only for development environments and I don't believe it
really solves any use-cases that having password-less accounts doesn't.
Removing it as an option simply removes a potential configuration
mistake. It's not going to protect you from a malicious administrator
who has root-level access any more than a CHECK constraint would stop a
malicious DBA.
Thanks!
Stephen
From | Date | Subject | |
---|---|---|---|
Next Message | Jaime Casanova | 2015-05-20 18:10:12 | Re: Improving GEQO |
Previous Message | David Fetter | 2015-05-20 18:07:02 | GROUPING |