Re: Disabling trust/ident authentication configure option - Mailing list pgsql-hackers

From Robert Haas
Subject Re: Disabling trust/ident authentication configure option
Date
Msg-id CA+TgmoYnH3YWsf+ABPPDwpy9zpoJWFz=Rb=GCuYEoVG2mOPV4w@mail.gmail.com
In response to Re: Disabling trust/ident authentication configure option  (Volker Aßmann <volker.assmann@gmail.com>)
Responses Re: Disabling trust/ident authentication configure option  (Volker Aßmann <volker.assmann@gmail.com>)
List pgsql-hackers
On Wed, May 20, 2015 at 4:20 AM, Volker Aßmann <volker.assmann@gmail.com> wrote:
> On Tue, May 19, 2015 at 1:53 AM, Robert Haas <robertmhaas@gmail.com> wrote:
>> On May 18, 2015, at 3:32 PM, Volker Aßmann <volker.assmann@gmail.com>
>> wrote:
>> > I know these measures won't protect against an experienced attacker who
>> > gains root access, but hope it slows them down sufficiently so the admins
>> > may have a chance to detect the attack.
>>
>> It won't.
>
> You don't seem to have much trust in your other authentication mechanisms
> and seem to know our environment quite well then...
>
> But anyway you don't seem to understand why "being able to remove a 'disable
> all security let anyone in' option" might be a reasonable idea, so there is
> no point in arguing, please just ignore the patch.

Please don't be discouraged here.  Contributing to the PostgreSQL
community can be frustrating when you don't get what you want, and
even though I have been a member of this community for about 7 years
now and am a major contributor and committer, I still very often do
not get what I want.

We make decisions here by consensus.  As far as this patch goes, the
question is simple: do we, as a group, agree that this patch will be a
net positive for PostgreSQL?  I think that it is fairly clear that the
answer is no.  There's a fair degree of support for the idea of adding
a configure option of some kind, but there are widely diverging
opinions about what it should do.  Unless and until a reasonable
degree of agreement can be reached, we can't proceed.

But please don't view that as a personal rejection.  I stand by what I
said: disallowing trust authentication in pg_hba.conf will not slow
down an attacker who wants to create a backdoor.  I believe that to be
true, and I can tell you why, but regardless of anything I say, you
can still believe it to be false.  I'm OK with that, and I hope you're
OK with me having a different belief.  It doesn't mean that I don't
want you to continue reading this mailing list or suggesting things;
in fact, I hope you will.  The fact that I (and others) don't like
this particular idea doesn't mean we won't like your next one, or the
one after that.

If this discussion has come across as bruising, I apologize for that.
One of the things that sometimes happens is that somebody submits a
patch and it goes for a long time without receiving any meaningful
feedback.  Then eventually, sometimes after a lot of work has been put
into it, it gets rejected.  That's not fun.  So another approach is
for people to respond right away when somebody posts a patch that they
think is a bad idea and say: hey, wait, let's not do this, I think
it's a bad idea.  But then you can have a situation (which I think may
have happened in this case) where a contributor feels that other
people are jumping all over them.  That's not fun, either.

I don't know the answer to this problem.  I'm not the world's greatest
diplomat, and tone is even harder to read over email than it is in
person.  But I can tell you that I'm not mad at you personally, and I
didn't spend time replying to this email thread just to get rid of
you.  If it came across that way, I'm sorry.

--
Robert Haas
EnterpriseDB: http://www.enterprisedb.com
The Enterprise PostgreSQL Company


