| From: | Hannu Krosing <hannu(at)tm(dot)ee> |
|---|---|
| To: | "Marc G(dot) Fournier" <scrappy(at)hub(dot)org> |
| Cc: | Bruce Momjian <pgman(at)candle(dot)pha(dot)pa(dot)us>, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, pgsql-hackers(at)postgresql(dot)org |
| Subject: | Re: Password sub-process ... |
| Date: | 2002-07-30 07:49:52 |
| Message-ID: | 1028015392.2005.11.camel@rh72.home.ee |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On Tue, 2002-07-30 at 10:40, Marc G. Fournier wrote:
> On Tue, 30 Jul 2002, Bruce Momjian wrote:
>
> > Marc G. Fournier wrote:
> > > You seem to have done a nice job with the + and @ for 'maps' ... how about
> > > third on that states that the map file has a username:password pair in it?
> > >
> > > I do like how the pg_hba.conf has changed, just don't like the lose of
> > > functionality :(
> >
> > OK, but the only logic for using it is your duplicate users. There
> > would be no other reason someone would use such a feature, right?
>
> Hrmmm ... let's make this simpler ... there was a thread going around
> asking why MySQL vs PgSQL, and one of the answers had to do with ISPs ...
> from a 'shared host' point of view, what is done for v7.3 makes it very
> difficult for an ISP to 'save resources' by running one instance, without
> them starting to look like hotmail:
>
> bruce
> bruce001
> bruce002
> bruce003
>
> I'm lucky, I don't do virtual hosting, so I can use host/ip based
> restrictions on our databases, with a select few requiring a password ...
> but most out there do virtual hosting, which means that all the domains
> connecting to the database look like they are coming from the same IP ...
>
> so, I can easily do something like:
>
> host database bruce IP1
> host database bruce IP2
>
> and know that client on IP1 can't look at client on IP2s database, even
> with the same user ... but in a VH environment, you have:
>
> host database bruce IP1
> host database bruce IP1
Why can't you just name the user user(at)database ?
It should not be /too/ hard to explain to user bruce that his username
at database accounts is bruce(at)accounts ?
> in the old system, I could make both password based, so that altho both
> bruce's were looking to come from the same IP, only the one with the right
> password could connect, so Client on IP1's bruce wouldn't be able to look
> in Client on IP2's database, since he wouldn't have the required password
> to connect ...
But still, what happens if both bruces want to set their password to
"brucessecretpassword" ?
----------------
Hannu
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Hannu Krosing | 2002-07-30 08:13:24 | Re: Why is MySQL more chosen over PostgreSQL? |
| Previous Message | Oleg Bartunov | 2002-07-30 07:06:03 | Re: Weird manual page |