Skip site navigation (1) Skip section navigation (2)

Re: Design Considerations for New Authentication Methods

From: Andrew Sullivan <ajs(at)crankycanuck(dot)ca>
To: pgsql-hackers(at)postgresql(dot)org
Subject: Re: Design Considerations for New Authentication Methods
Date: 2006-11-02 21:52:16
Message-ID: 20061102215216.GA29474@phlogiston.dyndns.org (view raw or flat)
Thread:
Lists: pgsql-hackers
On Thu, Nov 02, 2006 at 01:10:14PM -0800, Henry B. Hotz wrote:
> standard protocols and libraries that support real security:  SASL  
> and GSSAPI in particular.  You may for various reasons decide that  

[. . .]

> Part of establishing a secure connection is establishing that the end  
> points are the intended ones and there is no Man In the Middle.   
> Establishing the end points means the server has identified the user  
> within the name space of the security mechanism.

For what it's worth, I heartily support this effort.  For most cases,
it probably isn't necessary, but I can think of several applications
for SASL/GSSAPI where something weaker will simply not do; in the
absence of the proposed functionality, I simply wouldn't be able to
use Postgres for those applications.

A

-- 
Andrew Sullivan  | ajs(at)crankycanuck(dot)ca
In the future this spectacle of the middle classes shocking the avant-
garde will probably become the textbook definition of Postmodernism. 
                --Brad Holland

In response to

Responses

pgsql-hackers by date

Next:From: Martijn van OosterhoutDate: 2006-11-02 21:57:47
Subject: Re: Design Considerations for New Authentication Methods
Previous:From: Tom LaneDate: 2006-11-02 21:50:31
Subject: Re: [PATCHES] WAL logging freezing

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group