Skip site navigation (1) Skip section navigation (2)

Indent authentication overloading

From: Magnus Hagander <magnus(at)hagander(dot)net>
To: PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org>
Subject: Indent authentication overloading
Date: 2010-11-17 15:35:45
Message-ID: AANLkTi=rUfPgT1uK0Z73rT8Ye4GwQo2j1LRR_R2PW6i9@mail.gmail.com (view raw or flat)
Thread:
Lists: pgsql-hackers
Currently, we overload "indent" meaning both "unix socket
authentication" and "ident over tcp", depending on what type of
connection it is. This is quite unfortunate - one of them being one of
the most secure options we have, the other one being one of the most
*insecure* ones (really? ident over tcp? does *anybody* use that
intentionally today?)

Should we not consider naming those two different things?

If not now, then at least put it on the TODO of things to do the next
time we need to break backwards compatibility with the format of
pg_hba.conf? Though if we're going to break backwards compatibility
anywhere, pg_hba is probably one of the least bad places to do it...

-- 
 Magnus Hagander
 Me: http://www.hagander.net/
 Work: http://www.redpill-linpro.com/

Responses

pgsql-hackers by date

Next:From: Tom LaneDate: 2010-11-17 15:39:04
Subject: Re: Indent authentication overloading
Previous:From: Ross J. ReedstromDate: 2010-11-17 15:32:53
Subject: Re: contrib: auth_delay module

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group