Home > mailing lists

Re: Disabling trust/ident authentication configure option - Mailing list pgsql-hackers

From	Robert Haas
Subject	Re: Disabling trust/ident authentication configure option
Date	May 21, 2015 05:36:12
Msg-id	CA+TgmobL0c-6W4mogNtF1CHkzbWTSaD2ogMASj5+hdJZFFnZDA@mail.gmail.com Whole thread Raw
In response to	Re: Disabling trust/ident authentication configure option (Michael Banck <mbanck@gmx.net>)
List	pgsql-hackers

Tree view

On Wed, May 20, 2015 at 7:09 PM, Michael Banck <mbanck@gmx.net> wrote:
>> I think Andres' point about "trust" being an essential disaster recovery
>> mode is something to consider, as well.  That puts pretty strict limits
>> on what would be a credible replacement.
>
> Then let's rename it from `trust' to `disaster'... ;)

I still don't buy it.  Say you have a server that connects on its own
VLAN every night to run a backup.  What's wrong with trust?  Would you
really be better putting it on a less-secure network and using a
password that will just have to be stored in a config file someplace?

Answer: No, you wouldn't.

-- 
Robert Haas
EnterpriseDB: http://www.enterprisedb.com
The Enterprise PostgreSQL Company

pgsql-hackers by date:

From: Alvaro Herrera
Date: 21 May 2015, 05:25:48
Subject: Re: Change pg_cancel_*() to ignore current backend

From: Robert Haas
Date: 21 May 2015, 05:38:22
Subject: Re: RFC: Non-user-resettable SET SESSION AUTHORISATION

Re: Disabling trust/ident authentication configure option - Mailing list pgsql-hackers

Previous

Next