| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | John R Pierce <pierce(at)hogranch(dot)com> |
| Cc: | Piotre Ugrumov <afmulone(at)gmail(dot)com>, pgsql-general(at)postgresql(dot)org |
| Subject: | Re: Enable user access from remote host |
| Date: | 2009-03-09 01:22:54 |
| Message-ID: | 6959.1236561774@sss.pgh.pa.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
John R Pierce <pierce(at)hogranch(dot)com> writes:
> Tom Lane wrote:
>> A more accurate statement is that it's trustworthy to the extent that
>> you trust the owner of the other machine to be running a non-broken
>> identd daemon. Within a LAN it might be perfectly reasonable to use.
> you would have to extend that trust to any machine connected to any
> network which can be routed to the server in question as he was
> specifying a wildcard IP, and that includes anything that anyone could
> plug into any network port.
Agreed, it's pretty stupid to use IDENT with a wildcard IP that allows
connections from untrusted networks. I was just objecting to the
statement that it's unsafe in all cases.
regards, tom lane
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Mark Mandel | 2009-03-09 06:04:19 | Re: Random Deadlock on DROP CONSTRAINT |
| Previous Message | Chris | 2009-03-09 01:12:26 | Re: Log SQL code before executing it |