| From: | Magnus Hagander <magnus(at)hagander(dot)net> |
|---|---|
| To: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
| Cc: | Peter Eisentraut <peter_e(at)gmx(dot)net>, pgsql-hackers(at)postgresql(dot)org, Bruce Momjian <bruce(at)momjian(dot)us>, Brendan Jurd <direvus(at)gmail(dot)com>, Tomasz Ostrowski <tometzky(at)batory(dot)org(dot)pl> |
| Subject: | Re: Spoofing as the postmaster |
| Date: | 2007-12-23 20:52:14 |
| Message-ID: | 476ECA7E.10604@hagander.net |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Tom Lane wrote:
> Magnus Hagander <magnus(at)hagander(dot)net> writes:
>> Am I missing something here, or did you just post
>> a piece of configure that *agreed* with what I said? ;-)
>
> Maybe I misread what you said. I thought you were claiming that mysql
> do this more securely than we do; which they don't. But looking back,
>
>>>> It's certainly the default on my SQL Servers. And Sybase. AFAIK it's the
>>>> default on MySQL,
>
> it seems it's not too clear which case you meant by "it".
My bad, then. Probably didn't quote enough :-)
My point is that all these other server products have the exact same
issue. And that they deal with it the exact same we do - pretty much
leave it up to the guy who configure the server to realize that's just
how things work.
I'm just surprised that people are actually surprised by this. To me,
it's just a natural fact that happens to pretty much all systems. And a
good reason not to let arbitrary users run processes that can bind to
something on your server.
//Magnus
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Kurt Roeckx | 2007-12-23 21:13:10 | Re: Spoofing as the postmaster |
| Previous Message | Tom Lane | 2007-12-23 20:01:10 | Re: Spoofing as the postmaster |