Skip site navigation (1) Skip section navigation (2)

Re: Password requirement in windows installer

From: Decibel! <decibel(at)decibel(dot)org>
To: Andrew Dunstan <andrew(at)dunslane(dot)net>
Cc: Dave Page <dpage(at)postgresql(dot)org>,PostgreSQL-development list <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: Password requirement in windows installer
Date: 2007-08-31 17:30:02
Message-ID: 20070831173002.GA38801@decibel.org (view raw or flat)
Thread:
Lists: pgsql-hackers
On Fri, Aug 31, 2007 at 12:37:16PM -0400, Andrew Dunstan wrote:
> 
> 
> Decibel! wrote:
> >Is there something insecure about using ident sameuser for localhost
> >authentication on Windows?
> >  
> 
> FWIW, I never advise people to use ident auth for postgres except on 
> local (a.k.a. Unix domain socket) connections, which don't exist on Windows.

Is it easy to spoof where an incoming connection request is coming from?
Is there something else that makes ident on 127.0.0.1/32 insecure?
-- 
Decibel!, aka Jim Nasby                        decibel(at)decibel(dot)org
EnterpriseDB      http://enterprisedb.com      512.569.9461 (cell)

In response to

Responses

pgsql-hackers by date

Next:From: Andrew DunstanDate: 2007-08-31 17:41:47
Subject: Re: enum types and binary queries
Previous:From: Decibel!Date: 2007-08-31 17:17:14
Subject: Re: enum types and binary queries

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group