| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | Jim Nasby <decibel(at)decibel(dot)org> |
| Cc: | Josh Berkus <josh(at)agliodbs(dot)com>, pgsql-hackers(at)postgresql(dot)org, "Joshua D(dot) Drake" <jd(at)commandprompt(dot)com>, Christopher Browne <cbbrowne(at)acm(dot)org> |
| Subject: | Re: Bugtraq: Having Fun With PostgreSQL |
| Date: | 2007-06-22 23:22:53 |
| Message-ID: | 29495.1182554573@sss.pgh.pa.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Jim Nasby <decibel(at)decibel(dot)org> writes:
> On Jun 19, 2007, at 1:27 PM, Josh Berkus wrote:
>> Not all OSes support ident ... Solaris and OpenBSD for two, don't,
>> because they see ident as insecure.
> What about the unix domain socket, though? AFAIK that doesn't rely on
> ident but some other method...
On OpenBSD we use getpeereid() for unix sockets, and there are
equivalent things on some other Unixen. We could never go over to
ident as the standard default, though, because not all platforms
have these sorts of features (if indeed they have unix sockets at
all ...); and in any case it's not very secure for TCP.
regards, tom lane
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Bruce Momjian | 2007-06-23 03:33:42 | In California for a few days |
| Previous Message | Tom Lane | 2007-06-22 23:13:01 | Refactoring parser/analyze.c |