Skip site navigation (1) Skip section navigation (2)

Re: Bugtraq: Having Fun With PostgreSQL

From: Andrew Sullivan <ajs(at)crankycanuck(dot)ca>
To: pgsql-hackers(at)postgresql(dot)org
Subject: Re: Bugtraq: Having Fun With PostgreSQL
Date: 2007-06-25 17:02:13
Message-ID: 20070625170213.GC19717@phlogiston.dyndns.org (view raw or flat)
Thread:
Lists: pgsql-hackers
On Sat, Jun 23, 2007 at 06:14:23PM +0200, Magnus Hagander wrote:
> The benefit would be that PostgreSQL would be "secure by default". Which
> we are *not* today.

To achieve the "secure by default" feature that you want (and I like
the scare-quotes -- I agree with those that think this adds no real
security, but I think you're right to worry about the perception
angle in this case), why not have a ./configure option that sets the
default trust level for the build?  The option could default to
something "secure", but experienced users' build scripts would only
have to be altered to include --default-authentication="trust" or
something like that.  Using this approach, packagers can also
continue to do what they want.

A
-- 
Andrew Sullivan  | ajs(at)crankycanuck(dot)ca
However important originality may be in some fields, restraint and 
adherence to procedure emerge as the more significant virtues in a 
great many others.   --Alain de Botton

In response to

Responses

pgsql-hackers by date

Next:From: D'Arcy J.M. CainDate: 2007-06-25 17:14:24
Subject: Re: Blowback from text conversion changes
Previous:From: Gregory StarkDate: 2007-06-25 16:56:28
Subject: Blowback from text conversion changes

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group