From: | Andres Freund <andres(at)anarazel(dot)de> |
---|---|
To: | Stephen Frost <sfrost(at)snowman(dot)net> |
Cc: | Josh Berkus <josh(at)agliodbs(dot)com>, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Alvaro Herrera <alvherre(at)2ndquadrant(dot)com>, Volker Aßmann <volker(dot)assmann(at)gmail(dot)com>, Robert Haas <robertmhaas(at)gmail(dot)com>, Andrew Dunstan <andrew(at)dunslane(dot)net>, "pgsql-hackers(at)postgresql(dot)org" <pgsql-hackers(at)postgresql(dot)org> |
Subject: | Re: Disabling trust/ident authentication configure option |
Date: | 2015-05-21 00:08:56 |
Message-ID: | 20150521000856.GV27868@alap3.anarazel.de |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-hackers |
On 2015-05-20 19:46:12 -0400, Stephen Frost wrote:
> In other words, I agree with you that we can't simply get rid of 'trust'
> without having another solution. I *do* believe that a real single-user
> mode that is only available to the owner of the cluster would go a long
> way towards this goal.
I think that's a restriction that doesn't make much sense. What if you
want to dump the data as fast as possible to get things up in another
machine/datacenter/whatever after a fault? Uh wait, parallel dump won't
work with single user mode.
This isn't strengthening security. This is making something far too
complicated (pg_hba.conf) into something even more complicated, because
suddenly even the most basic things only work in some environments. If
you want to improve security significantly, make it easier to configure
authentication/authorization. That's one of the hardest parts of
postgres.
From | Date | Subject | |
---|---|---|---|
Next Message | Stephen Frost | 2015-05-21 00:19:36 | Re: Disabling trust/ident authentication configure option |
Previous Message | Jim Nasby | 2015-05-21 00:08:41 | Re: anole: assorted stability problems |