| From: | "Josh Berkus" <josh(at)agliodbs(dot)com> |
|---|---|
| To: | "Magnus Hagander" <mha(at)sollentuna(dot)net>, "Josh Berkus" <josh(at)agliodbs(dot)com>, "Robert Treat" <xzilla(at)users(dot)sourceforge(dot)net>, <pgsql-advocacy(at)postgresql(dot)org> |
| Subject: | Re: backhanded compliment from Larry Ellison |
| Date: | 2002-11-21 17:36:03 |
| Message-ID: | web-1835715@davinci.ethosmedia.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-advocacy |
Magnus,
> I'd like to add one more line to that list, which is definitly
> holding
> us back from using it in a few situations:
> 6) Integrated Windows login.
>
> Meaning once you're on the domain, you have your permissions in the
> database server.
Hmmm ... not sure that's such a desirable feature. The "integrated
login" was the source of one of the SQL server worms. And delving
into the MS authentication protocols is probably a good way to waste a
couple of 100 hours as well as get sued by MS under the DCMA.
I also tend to *not* use user's logins for the database, relying
instead on encrypted application logins and application security to
manage user rights.
Mind you, in one of my clients' heterogenous shops, we have integrated
login, effectively ... the office has an integrated Samba/NIS
authentication server, and one of the databases uses PAM
authentication, thus providing client --> server authentication for
both Postgres and SQL Server.
Works great, though WIndows XP will cause problems with the setup
eventually.
-Josh Berkus
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Justin Clift | 2002-11-21 18:11:24 | [Fwd: Microsoft document comparing Windows 2000 to UNIX (FreeBSD).] |
| Previous Message | Jason Hihn | 2002-11-21 13:57:36 | Re: backhanded compliment from Larry Ellison |