| From: | Ken Tanzer <ken(dot)tanzer(at)gmail(dot)com> |
|---|---|
| To: | John R Pierce <pierce(at)hogranch(dot)com> |
| Cc: | PG-General Mailing List <pgsql-general(at)postgresql(dot)org> |
| Subject: | Re: Localhost vs. Unix Domain Sockets? |
| Date: | 2014-08-19 01:45:47 |
| Message-ID: | CAD3a31WsC9+Cdr2YMVFk1Gwebh40e2O_4WqiGVBNLkf0tEQVjg@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
Thanks. I'm not really worried about this particular vulnerability, just
wondering about the more general idea that having db user name = os user
could reduce your security, even if only slightly. Is it just as
conceivable that a vulnerability could come along that was more exploitable
only if the two names were _different_?
To put it another way, keeping the two sets of names distinct is
incrementally more complex to manage. Which might be worth it if there
really is any gain. Is this a "best practice," or is it really a
manifestation of its closely-related cousin, the "silly practice?" :)
Cheers,
Ken
--
AGENCY Software
A Free Software data system
By and for non-profits
*http://agency-software.org/ <http://agency-software.org/>*
*https://agency-software.org/demo/client
<https://agency-software.org/demo/client>*
ken(dot)tanzer(at)agency-software(dot)org
(253) 245-3801
Subscribe to the mailing list
<agency-general-request(at)lists(dot)sourceforge(dot)net?body=subscribe> to
learn more about AGENCY or
follow the discussion.
| From | Date | Subject | |
|---|---|---|---|
| Next Message | John R Pierce | 2014-08-19 01:51:46 | Re: Localhost vs. Unix Domain Sockets? |
| Previous Message | Jov | 2014-08-19 01:21:34 | Re: New wrapper library: QUINCE |