| From: | Peter Eisentraut <peter(dot)eisentraut(at)2ndquadrant(dot)com> |
|---|---|
| To: | David Steele <david(at)pgmasters(dot)net> |
| Cc: | Stephen Frost <sfrost(at)snowman(dot)net>, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Andrew Dunstan <andrew(dot)dunstan(at)2ndquadrant(dot)com>, pgsql-hackers <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: Allow cluster owner to bypass authentication |
| Date: | 2020-04-05 10:15:14 |
| Message-ID: | 6f5b9fb6-68cf-f451-3822-20bc60a86cef@2ndquadrant.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On 2020-03-27 15:58, David Steele wrote:
> Hi Peter,
>
> On 12/27/19 3:22 PM, Stephen Frost wrote:
>> * Tom Lane (tgl(at)sss(dot)pgh(dot)pa(dot)us) wrote:
>>
>>> I think it'd be great if this behavior could be implemented
>>> within the notation, because we could then just set up a
>>> non-empty default pg_ident.conf with useful behavioral
>>> examples in the form of prefab maps. In particular, we
>>> should think about how hard it is to do "I want the default
>>> behavior plus allow joe to connect as charlie". If the
>>> default is a one-liner that you can copy and add to,
>>> that's a lot better than if you have to reverse-engineer
>>> what to write.
>>
>> This direction certainly sounds more appealing to me.
>
> Any thoughts on the discussion between Stephen and Tom?
It appears that the whole discussion of what a new default security
configuration could or should be hasn't really moved to a new consensus,
so given the time, I think it's best that we leave things as they are
and continue the exploration at some future time.
--
Peter Eisentraut http://www.2ndQuadrant.com/
PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Dilip Kumar | 2020-04-05 11:00:51 | Re: Index Skip Scan |
| Previous Message | Darafei Komяpa Praliaskouski | 2020-04-05 09:48:33 | Re: Yet another fast GiST build |