Re: Disabling trust/ident authentication configure option - Mailing list pgsql-hackers

From Stephen Frost
Subject Re: Disabling trust/ident authentication configure option
Date
Msg-id 20150521001936.GQ26667@tamriel.snowman.net
Whole thread Raw
In response to Re: Disabling trust/ident authentication configure option  (Andres Freund <andres@anarazel.de>)
Responses Re: Disabling trust/ident authentication configure option
List pgsql-hackers
* Andres Freund (andres@anarazel.de) wrote:
> On 2015-05-20 19:46:12 -0400, Stephen Frost wrote:
> > In other words, I agree with you that we can't simply get rid of 'trust'
> > without having another solution.  I *do* believe that a real single-user
> > mode that is only available to the owner of the cluster would go a long
> > way towards this goal.
>
> I think that's a restriction that doesn't make much sense. What if you
> want to dump the data as fast as possible to get things up in another
> machine/datacenter/whatever after a fault? Uh wait, parallel dump won't
> work with single user mode.

We're talking about vaporware here at the moment, so I'll just throw out
that, perhaps, you could have multiple PG instances in single-user which
are all running at the same time in a read-only fashion. :)

Actually, having a tool like that would be *really* handy for a lot of
uses.  In some ways, I believe our lack of such tooling is specifically
because we simply don't have as many issues in this area as other
databases do.  Where is a tool to extract out all the records (with
their system columns) from a file based on a provided table definition?
With that, you could certainly parallelize pulling all of the data out
into flat files.

> This isn't strengthening security. This is making something far too
> complicated (pg_hba.conf) into something even more complicated, because
> suddenly even the most basic things only work in some environments. If
> you want to improve security significantly, make it easier to configure
> authentication/authorization. That's one of the hardest parts of
> postgres.

pg_hba.conf isn't being made any more complicated by removal of an
option.  I agree that we could certainly improve on it.
Thanks!
    Stephen

pgsql-hackers by date:

Previous
From: Andres Freund
Date:
Subject: Re: Disabling trust/ident authentication configure option
Next
From: Jim Nasby
Date:
Subject: Re: RFC: Non-user-resettable SET SESSION AUTHORISATION