On 8/18/2014 5:45 PM, Ken Tanzer wrote:
> I used to have my db and linux usernames match, until this issue came
> along: http://www.postgresql.org/support/security/faq/2013-04-04/. It
> specifically mentions potentially increased vulnerability if the names
> match. So when I set up a new server I had them not match. I know
> this particular issue is fixed. But are there other ways that having
> the names match could potentially increase vulnerability (even if not
> known or identified yet), or am I pointlessly "fighting the last war"
> by keeping the names different?
afaik that exploit only applies when the user is coming in over tcp/ip
--
john r pierce 37N 122W
somewhere on the middle of the left coast