| From: | Bernd Helmle <mailings(at)oopsware(dot)de> |
|---|---|
| To: | Robert Haas <robertmhaas(at)gmail(dot)com> |
| Cc: | pgsql-hackers(at)postgresql(dot)org |
| Subject: | Re: Disabling trust/ident authentication configure option |
| Date: | 2015-05-04 08:36:20 |
| Message-ID: | F5115E7D0D6617B3AF6698E2@eje.credativ.lan |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
--On 30. April 2015 08:00:23 -0400 Robert Haas <robertmhaas(at)gmail(dot)com>
wrote:
> But... the user could use password authentication with the password
> set to "x" and that would be insecure, too, yet not prevented by any
> of this. I think it's pretty hard to prevent someone who has
> filesystem-level access to the database server from configuring it
> insecurely.
Sure. But I think the point is to make their engineers to think about what
they're doing. Typing in a password gives you at least a hint, that you are
probably should use something safe.
I agree that you couldn't really make that bullet proof from just this
excluded functionality, but i could imagine that this makes sense in a more
system-wide context.
>
> Of course, it's fine for people to make changes like this in their own
> copies of PostgreSQL, but I'm not in favor of incorporating those
> changes into core. I don't think there's enough general utility to
> this to justify that, and more to the point, I think different people
> will want different things. We haven't, for example, ever had a
> request for this specific thing before.
Well, i found at least one of such a proposal here:
--
Thanks
Bernd
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Anton | 2015-05-04 08:48:02 | Re: [HACKERS] optimization join on random value |
| Previous Message | Martijn van Oosterhout | 2015-05-04 07:01:43 | Re: [HACKERS] optimization join on random value |