From: | Stephen Frost <sfrost(at)snowman(dot)net> |
---|---|
To: | Marco Cuccato <mcuccato(dot)vts(at)gmail(dot)com> |
Cc: | Thomas Munro <thomas(dot)munro(at)gmail(dot)com>, pgsql-bugs(at)postgresql(dot)org |
Subject: | Re: LDAPS trusted ca support |
Date: | 2019-12-03 20:35:26 |
Message-ID: | 20191203203526.GT6962@tamriel.snowman.net |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-bugs |
Greetings,
* Marco Cuccato (mcuccato(dot)vts(at)gmail(dot)com) wrote:
> unfortunately I cannot modify the company's LDAP server configuration.
Note that if you're working in an Active Directory environment, you
should really be considering Kerberos/GSSAPI instead of LDAP for your
authentication. Using PostgreSQL's "ldap" auth method means that the
user's password is sent to, and read by, the PostgreSQL server, which
isn't really very secure.
You'll definitely also want to be using SSL/TLS between the PostgreSQL
client system and the PostgreSQL server, but that doesn't help you if
the PostgreSQL server itself is compromised.
Thanks,
Stephen
From | Date | Subject | |
---|---|---|---|
Next Message | Stephen Frost | 2019-12-03 20:43:11 | Re: Numeric is not leakproof |
Previous Message | Stephen Frost | 2019-12-03 20:31:23 | Re: incorrect pg_dump output due to not handling dropped roles correctly |