| From: | Marco Cuccato <mcuccato(dot)vts(at)gmail(dot)com> |
|---|---|
| To: | Stephen Frost <sfrost(at)snowman(dot)net> |
| Cc: | Thomas Munro <thomas(dot)munro(at)gmail(dot)com>, pgsql-bugs(at)postgresql(dot)org |
| Subject: | Re: LDAPS trusted ca support |
| Date: | 2019-12-04 10:18:27 |
| Message-ID: | CACg0f4Y=x_Dq-HWsks1jLgPiw8qjFbG6GsiqStwq7bhDLpXN5w@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-bugs |
Thanks for the tip!
Il giorno mar 3 dic 2019 alle ore 21:35 Stephen Frost <sfrost(at)snowman(dot)net>
ha scritto:
> Greetings,
>
> * Marco Cuccato (mcuccato(dot)vts(at)gmail(dot)com) wrote:
> > unfortunately I cannot modify the company's LDAP server configuration.
>
> Note that if you're working in an Active Directory environment, you
> should really be considering Kerberos/GSSAPI instead of LDAP for your
> authentication. Using PostgreSQL's "ldap" auth method means that the
> user's password is sent to, and read by, the PostgreSQL server, which
> isn't really very secure.
>
> You'll definitely also want to be using SSL/TLS between the PostgreSQL
> client system and the PostgreSQL server, but that doesn't help you if
> the PostgreSQL server itself is compromised.
>
> Thanks,
>
> Stephen
>
| From | Date | Subject | |
|---|---|---|---|
| Next Message | PG Bug reporting form | 2019-12-04 11:46:35 | BUG #16147: postgresql 12.1 (from homebrew) - pg_restore -h localhost --jobs=2 crashes |
| Previous Message | Konstantin Knizhnik | 2019-12-04 09:28:11 | Re: Numeric is not leakproof |