From: | Stephen Frost <sfrost(at)snowman(dot)net> |
---|---|
To: | Josh Berkus <josh(at)agliodbs(dot)com> |
Cc: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Andrew Dunstan <andrew(at)dunslane(dot)net>, Robert Haas <robertmhaas(at)gmail(dot)com>, Alvaro Herrera <alvherre(at)2ndquadrant(dot)com>, Volker Aßmann <volker(dot)assmann(at)gmail(dot)com>, "pgsql-hackers(at)postgresql(dot)org" <pgsql-hackers(at)postgresql(dot)org> |
Subject: | Re: Disabling trust/ident authentication configure option |
Date: | 2015-05-07 15:02:54 |
Message-ID: | 20150507150254.GA30322@tamriel.snowman.net |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-hackers |
* Josh Berkus (josh(at)agliodbs(dot)com) wrote:
> On 05/06/2015 02:13 PM, Tom Lane wrote:
> > Andrew Dunstan <andrew(at)dunslane(dot)net> writes:
> >> (Personally I think there's a very good case for completely ripping out
> >> RFC1413 ident auth. I've not seen it used in a great long while, and
> >> it's always been a security risk.)
> >
> > FWIW, I agree with that --- or at least making it a not-built-by-default
> > option.
>
> I have seen it in the last year, actually, but only once, which even for
> my personal pool represents < 1% usage. So ...
>
> > Probably the right time to make any such changes is at the same time
> > we add the proposed more-secure-than-MD5 password option.
>
> +1 to kill off ident when we replace MD5, since users will need to be
> beaten over the head about changes to auth methods anyway.
I realize it's not going to be popular, but I'd love to have 'trust'
only allowed if a command-line option is passed to the postmaster or
something along those lines. It's really got no business being an
option for a network service like PG. I'd suggest ripping it out
entirely but I'm sure that'd be even less popular and Andrew does make a
good point that our single-user-mode is still so terrible that we have
to support a multi-user-mode with zero auth, to deal with certain kinds
of breakage/corruption. The fix for that is having a real single-user
mode that is usable, as has been discussed previously, but we don't seem
to be making much progress in that direction, unfortunately.
Thanks!
Stephen
From | Date | Subject | |
---|---|---|---|
Next Message | David Steele | 2015-05-07 15:21:13 | Re: Auditing extension for PostgreSQL (Take 2) |
Previous Message | Rui Hai Jiang | 2015-05-07 14:49:48 | when are the xxxin() functions called |