Re: Disabling trust/ident authentication configure option - Mailing list pgsql-hackers

From Bernd Helmle
Subject Re: Disabling trust/ident authentication configure option
Date
Msg-id F5115E7D0D6617B3AF6698E2@eje.credativ.lan
In response to Re: Disabling trust/ident authentication configure option  (Robert Haas <robertmhaas@gmail.com>)
List pgsql-hackers

--On 30. April 2015 08:00:23 -0400 Robert Haas <robertmhaas@gmail.com>
wrote:

> But... the user could use password authentication with the password
> set to "x" and that would be insecure, too, yet not prevented by any
> of this.  I think it's pretty hard to prevent someone who has
> filesystem-level access to the database server from configuring it
> insecurely.

Sure. But I think the point is to make their engineers think about what
they're doing. Typing in a password gives you at least a hint that you
probably should use something safe.

I agree that you couldn't really make that bulletproof from just this
excluded functionality, but I could imagine that this makes sense in a more
system-wide context.

> 
> Of course, it's fine for people to make changes like this in their own
> copies of PostgreSQL, but I'm not in favor of incorporating those
> changes into core.  I don't think there's enough general utility to
> this to justify that, and more to the point, I think different people
> will want different things.  We haven't, for example, ever had a
> request for this specific thing before.

Well, I found at least one such proposal here:

<http://www.postgresql.org/message-id/CAN2Y=uMt7CPkxZhAUfw7SzecKdWCWsUuLmh4XPhUxKqBtdUoyA@mail.gmail.com>


-- 
Thanks
Bernd


