* Josh Berkus (j...@agliodbs.com) wrote: > On 05/06/2015 02:13 PM, Tom Lane wrote: > > Andrew Dunstan <and...@dunslane.net> writes: > >> (Personally I think there's a very good case for completely ripping out > >> RFC1413 ident auth. I've not seen it used in a great long while, and > >> it's always been a security risk.) > > > > FWIW, I agree with that --- or at least making it a not-built-by-default > > option. > > I have seen it in the last year, actually, but only once, which even for > my personal pool represents < 1% usage. So ... > > > Probably the right time to make any such changes is at the same time > > we add the proposed more-secure-than-MD5 password option. > > +1 to kill off ident when we replace MD5, since users will need to be > beaten over the head about changes to auth methods anyway.
I realize it's not going to be popular, but I'd love to have 'trust'
only allowed if a command-line option is passed to the postmaster or
something along those lines. It's really got no business being an
option for a network service like PG. I'd suggest ripping it out
entirely but I'm sure that'd be even less popular and Andrew does make a
good point that our single-user-mode is still so terrible that we have
to support a multi-user-mode with zero auth, to deal with certain kinds
of breakage/corruption. The fix for that is having a real single-user
mode that is usable, as has been discussed previously, but we don't seem
to be making much progress in that direction, unfortunately.
Thanks!
Stephen
signature.asc
Description: Digital signature
