| From: | Volker Aßmann <volker(dot)assmann(at)gmail(dot)com> |
|---|---|
| To: | Robert Haas <robertmhaas(at)gmail(dot)com> |
| Cc: | Josh Berkus <josh(at)agliodbs(dot)com>, Stephen Frost <sfrost(at)snowman(dot)net>, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Andrew Dunstan <andrew(at)dunslane(dot)net>, Alvaro Herrera <alvherre(at)2ndquadrant(dot)com>, "pgsql-hackers(at)postgresql(dot)org" <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: Disabling trust/ident authentication configure option |
| Date: | 2015-05-20 08:20:41 |
| Message-ID: | CAJBpAdzH3pMTFfBE+dYd+OytVJXR2XF=ESQ7TG6syjB1suh2ZQ@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On Tue, May 19, 2015 at 1:53 AM, Robert Haas <robertmhaas(at)gmail(dot)com> wrote:
> On May 18, 2015, at 3:32 PM, Volker Aßmann <volker(dot)assmann(at)gmail(dot)com>
> wrote:
> > I know these measures won't protect against an experienced attacker who
> gains root access, but hope it slows them down sufficiently so the admins
> may have a chance to detect the attack.
>
> It won't.
You don't seem to have much trust in your other authentication mechanisms
and seem to know our environment quite well then...
But anyway you don't seem to understand why "being able to remove a
'disable all security let anyone in' option" might be a reasonable idea, so
there is no point in arguing, please just ignore the patch.
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Uriy Zhuravlev | 2015-05-20 09:22:34 | Re: WIP: Enhanced ALTER OPERATOR |
| Previous Message | Noah Misch | 2015-05-20 07:13:34 | Re: a few thoughts on the schedule |