| From: | Andrew Sullivan <ajs(at)crankycanuck(dot)ca> |
|---|---|
| To: | pgsql-hackers(at)postgresql(dot)org |
| Subject: | Re: Design Considerations for New Authentication Methods |
| Date: | 2006-11-02 21:52:16 |
| Message-ID: | 20061102215216.GA29474@phlogiston.dyndns.org |
| Views: | Whole Thread | Raw Message | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On Thu, Nov 02, 2006 at 01:10:14PM -0800, Henry B. Hotz wrote:
> standard protocols and libraries that support real security: SASL
> and GSSAPI in particular. You may for various reasons decide that
[. . .]
> Part of establishing a secure connection is establishing that the end
> points are the intended ones and there is no Man In the Middle.
> Establishing the end points means the server has identified the user
> within the name space of the security mechanism.
For what it's worth, I heartily support this effort. For most cases,
it probably isn't necessary, but I can think of several applications
for SASL/GSSAPI where something weaker will simply not do; in the
absence of the proposed functionality, I simply wouldn't be able to
use Postgres for those applications.
A
--
Andrew Sullivan | ajs(at)crankycanuck(dot)ca
In the future this spectacle of the middle classes shocking the avant-
garde will probably become the textbook definition of Postmodernism.
--Brad Holland
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Martijn van Oosterhout | 2006-11-02 21:57:47 | Re: Design Considerations for New Authentication Methods |
| Previous Message | Tom Lane | 2006-11-02 21:50:31 | Re: [PATCHES] WAL logging freezing |