| From: | Bernd Helmle <mailings(at)oopsware(dot)de> |
|---|---|
| To: | Andrew Dunstan <andrew(at)dunslane(dot)net>, Robert Haas <robertmhaas(at)gmail(dot)com> |
| Cc: | Alvaro Herrera <alvherre(at)2ndquadrant(dot)com>, Volker Aßmann <volker(dot)assmann(at)gmail(dot)com>, pgsql-hackers(at)postgresql(dot)org |
| Subject: | Re: Disabling trust/ident authentication configure option |
| Date: | 2015-05-08 14:03:30 |
| Message-ID: | B41160D680619A0757C6DE62@eje.credativ.lan |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
--On 6. Mai 2015 16:28:43 -0400 Andrew Dunstan <andrew(at)dunslane(dot)net> wrote:
>> Single user sessions would work, but the "peer" authentication is also
>> still available and should be the preferred method to reset passwords
>> when trust is disabled, so this should not be an issue.
>
> (Personally I think there's a very good case for completely ripping out
> RFC1413 ident auth. I've not seen it used in a great long while, and it's
> always been a security risk.)
I have the same feeling. I haven't seen it in the last 6+ years used
anywhere and I personally think it's a relict...so +1.
--
Thanks
Bernd
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Stephen Frost | 2015-05-08 14:08:35 | Re: Modify pg_stat_get_activity to build a tuplestore |
| Previous Message | Alvaro Herrera | 2015-05-08 13:58:48 | Re: Modify pg_stat_get_activity to build a tuplestore |