From: | Bruce Momjian <pgman(at)candle(dot)pha(dot)pa(dot)us> |
---|---|
To: | Bill Moran <wmoran(at)potentialtech(dot)com> |
Cc: | chris(at)paymentonline(dot)com, pgsql-general(at)postgresql(dot)org |
Subject: | Re: Feature idea |
Date: | 2004-06-15 15:29:42 |
Message-ID: | 200406151529.i5FFTgj19806@candle.pha.pa.us |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-general |
Bill Moran wrote:
> Bruce Momjian <pgman(at)candle(dot)pha(dot)pa(dot)us> wrote:
>
> > Chris Ochs wrote:
> > >
> > > What if SET SESSION AUTHORIZATION could also accept a password so that non
> > > superusers could switch to a different user? How difficult would this be?
> >
> > Well, the password would go over the wire unencrypted, causing a
> > security problem.
>
> Only if encrypted transport is not enabled. With encrypted transport, it would
> be as secure as anything else, right?
>
> Perhaps, it could only be available if transmission encryption is enabled? Then
> again, there's a certain amount of "only the user can shoot his own foot" that
> has to be accepted ...
>
> Just thinking out loud ...
Yes, if you use SSH it is secure, but do we want clauses that are only
useful in SSH mode?
--
Bruce Momjian | http://candle.pha.pa.us
pgman(at)candle(dot)pha(dot)pa(dot)us | (610) 359-1001
+ If your life is a hard drive, | 13 Roberts Road
+ Christ can be your backup. | Newtown Square, Pennsylvania 19073
From | Date | Subject | |
---|---|---|---|
Next Message | Marc G. Fournier | 2004-06-15 15:36:47 | PostgreSQL 7.4.3 Now Available ... |
Previous Message | Chris Ochs | 2004-06-15 15:23:17 | Fw: Feature idea |