Re: Password sub-process ... - Mailing list pgsql-hackers

From Marc G. Fournier
Subject Re: Password sub-process ...
Date
Msg-id 20020730023120.P3083-100000@mail1.hub.org
In response to Re: Password sub-process ...  (Bruce Momjian <pgman@candle.pha.pa.us>)
Responses Re: Password sub-process ...
Re: Password sub-process ...
List pgsql-hackers
On Tue, 30 Jul 2002, Bruce Momjian wrote:

> Marc G. Fournier wrote:
> > You seem to have done a nice job with the + and @ for 'maps' ... how about
> > a third one that states that the map file has a username:password pair in it?
> >
> > I do like how the pg_hba.conf has changed, just don't like the loss of
> > functionality :(
>
> OK, but the only logic for using it is your duplicate users.  There
> would be no other reason someone would use such a feature, right?

Hrmmm ... let's make this simpler ... there was a thread going around
asking why MySQL vs PgSQL, and one of the answers had to do with ISPs ...
from a 'shared host' point of view, what is done for v7.3 makes it very
difficult for an ISP to 'save resources' by running one instance, without
them starting to look like hotmail:

bruce
bruce001
bruce002
bruce003

I'm lucky, I don't do virtual hosting, so I can use host/ip based
restrictions on our databases, with a select few requiring a password ...
but most out there do virtual hosting, which means that all the domains
connecting to the database look like they are coming from the same IP ...

so, I can easily do something like:

host database bruce IP1
host database bruce IP2

and know that client on IP1 can't look at client on IP2's database, even
with the same user ... but in a VH environment, you have:

host database bruce IP1
host database bruce IP1

in the old system, I could make both password based, so that although both
bruce's were looking to come from the same IP, only the one with the right
password could connect, so Client on IP1's bruce wouldn't be able to look
in Client on IP2's database, since he wouldn't have the required password
to connect ...

> I assume it would be MD5?

I've been using DES, but MD5 would work too ...
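
Added example, not part of the original message and not PostgreSQL code: a simplified Python model of the virtual-hosting case described above, where two clients' "bruce" arrive from one IP and only a per-database username:password map keeps them apart. The rule layout, `check`, `make_map`, the database names, the address and the passwords are assumptions made for illustration, and PBKDF2 stands in for the DES/MD5 hashing mentioned in the thread.

```python
import hashlib, hmac, os

def hash_pw(password, salt):
    # PBKDF2 is swapped in here for the DES/MD5 hashing mentioned in the thread.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def make_map(pairs):
    """Build one database's username:password map (constructed sample data)."""
    pwmap = {}
    for user, pw in pairs.items():
        salt = os.urandom(16)
        pwmap[user] = (salt, hash_pw(pw, salt))
    return pwmap

def check(rules, db, user, ip, password=None):
    """Hypothetical matcher: the first rule matching db/user/ip decides."""
    for rule in rules:
        if (rule["db"], rule["user"], rule["ip"]) != (db, user, ip):
            continue
        pwmap = rule.get("map")
        if pwmap is None:
            return True   # address match alone grants access
        entry = pwmap.get(user)
        if entry is None or password is None:
            return False
        salt, digest = entry
        return hmac.compare_digest(digest, hash_pw(password, salt))
    return False          # no rule matched

SHARED_IP = "192.0.2.10"  # constructed address of one virtual-hosting machine

# Address-only rules: both clients' "bruce" arrive from the same IP.
address_only = [
    {"db": "client_a", "user": "bruce", "ip": SHARED_IP},
    {"db": "client_b", "user": "bruce", "ip": SHARED_IP},
]
# Same rules, each database carrying its own username:password map.
with_maps = [
    dict(rule, map=make_map({"bruce": "pw-for-" + rule["db"]}))
    for rule in address_only
]

def cross_client_access(rules, password=None):
    """Can client A's bruce, holding A's password, open client B's database?"""
    return check(rules, "client_b", "bruce", SHARED_IP, password)

if __name__ == "__main__":
    print(cross_client_access(address_only))               # address-only rules
    print(cross_client_access(with_maps, "pw-for-client_a"))  # per-database maps
```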



