What do others think? I am not sure myself. ---------------------------------------------------------------------------
mlw wrote: > > > Bruce Momjian wrote: > > >mlw wrote: > > > > > >>>The comments at the top suggest sniffing a Postgres session startup > >>>exchange in order to see the MD5 value that the user presents; which the > >>>attacker would then give to this program. (Forget it if the session is > >>>Unix-local rather than TCP, or if it's SSL-encrypted...) > >>> > >>>This is certainly a theoretically possible attack against someone who > >>>has no clue about security, but I don't put any stock in it as a > >>>practical attack. For starters, if you are talking to your database > >>>across a network that is open to hostile sniffers, you should definitely > >>>be using SSL. > >>> > >>> > >>> > >>> > >>This is absolutely correct, shouldn't this be in the FAQ? > >> > >> > > > >Well, this is a pretty rare issue, so it doesn't seem like an FAQ. > >People need to understand the ramifications of the various pg_hba.conf > >settings, and I think our documentation does that. > > > > > A good DBA will probably read the docs, a bad DBA will probably not, and > it is the bad DBA that needs to be guided the most. > > Maybe not FAQ, but is the a short page of "dos and don'ts? > > -- Bruce Momjian | http://candle.pha.pa.us [EMAIL PROTECTED] | (610) 359-1001 + If your life is a hard drive, | 13 Roberts Road + Christ can be your backup. | Newtown Square, Pennsylvania 19073 ---------------------------(end of broadcast)--------------------------- TIP 2: you can get off all lists at once with the unregister command (send "unregister YourEmailAddressHere" to [EMAIL PROTECTED])
