Re: Spoofing as the postmaster - Mailing list pgsql-hackers

From Magnus Hagander
Subject Re: Spoofing as the postmaster
Date
Msg-id 476ECA7E.10604@hagander.net
Whole thread Raw
In response to Re: Spoofing as the postmaster  (Tom Lane <tgl@sss.pgh.pa.us>)
Responses Re: Spoofing as the postmaster
Re: Spoofing as the postmaster
List pgsql-hackers
Tom Lane wrote:
> Magnus Hagander <magnus@hagander.net> writes:
>> Am I missing something here, or did you just post
>> a piece of configure that *agreed* with what I said? ;-)
> 
> Maybe I misread what you said.  I thought you were claiming that mysql
> do this more securely than we do; which they don't.  But looking back,
> 
>>>> It's certainly the default on my SQL Servers. And Sybase. AFAIK it's the
>>>> default on MySQL,
> 
> it seems it's not too clear which case you meant by "it".

My bad, then. Probably didn't quote enough :-)

My point is that all these other server products have the exact same
issue. And that they deal with it the exact same we do - pretty much
leave it up to the guy who configure the server to realize that's just
how things work.

I'm just surprised that people are actually surprised by this. To me,
it's just a natural fact that happens to pretty much all systems. And a
good reason not to let arbitrary users run processes that can bind to
something on your server.

//Magnus


pgsql-hackers by date:

Previous
From: Tom Lane
Date:
Subject: Re: Spoofing as the postmaster
Next
From: Kurt Roeckx
Date:
Subject: Re: Spoofing as the postmaster