Subject: Re: identd with NAT and IPv6 support.
To: Henry B. Hotz <email@example.com>
From: Jim Wise <firstname.lastname@example.org>
Date: 04/02/2002 15:14:56
-----BEGIN PGP SIGNED MESSAGE-----
On Tue, 2 Apr 2002, Henry B. Hotz wrote:
>One of the easy ways to configure PostgreSQL is to use identd to
>identify the user when the request comes from the same machine as the
>server is running on. All the other ways of authenticating a user
>connection are a real pain in comparison. This is a standard
>application, compiled as provided.
An even easier way to configure postgresql is to not require
authentication at all. And it's just as secure as what you suggest.
More seriously, encrypted password support in PostgreSQL is just not
that hard, and the fact that you can do a hack like the above is not an
excuse not to use it.
>I've always considered that if I couldn't trust the machine I was
>running on then I was pretty much hosed anyway. CFS doesn't prevent
>root from seeing your data files, nor Kerberos prevent root from
Fine. Than since you trust `the machine', I assume you use .rhosts all
over the place? IP addresses are not hard to forge...
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (NetBSD)
Comment: For info see http://www.gnupg.org
-----END PGP SIGNATURE-----