On 05/07/2015 01:32 AM, Jim Nasby wrote:
> On 5/6/15 12:56 PM, Peter Eisentraut wrote:
>>> I think this is a sufficiently general requirement to warrant including
>>> an option to disable this, as most hardening guides I have seen for
>>> PostgreSQL unconditionally require to disable trust authentication and
>>> disabling it in the code removes the need to check this in the runtime
>>> configuration.
>> I think people would be interested in well-thought out, generalized
>> hardening facilities. But that would likely include other things than
>> just disabling an authentication method or two. And we can't be adding
>> a new compile-time option as we add each one. We need a more general
>> approach.
> Yeah. I think one of the big use cases here is that many environments
> are OK with at least ident (if not trust) but only from the local
> machine. So you'd probably want to handle that somehow.

That's called 'peer', since 9.1.

- Heikki
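
The runtime-configuration check this thread refers to, sketched as an added example (not code from the thread or from PostgreSQL): it reads pg_hba.conf text, reports every `trust` rule, and reports `ident` on a `local` line as `peer`, which is how the server has treated it since 9.1. The names `audit_pg_hba` and `SAMPLE`, the OK/WARN/FAIL policy, and treating host names and keywords such as `all` as remote are assumptions made for illustration.

```python
import ipaddress
import shlex

HOST_TYPES = {"host", "hostssl", "hostnossl"}

def _parses(fn, value):
    """Return fn(value), or None when value is not an IP address/network."""
    try:
        return fn(value)
    except ValueError:
        return None

def audit_pg_hba(text):
    """Return (line_no, method, scope, verdict) for trust/ident/peer rules."""
    findings = []
    for no, raw in enumerate(text.splitlines(), 1):
        f = shlex.split(raw, comments=True)  # handles quoting and '#' comments
        if f and f[0] == "local" and len(f) >= 4:
            method, scope = f[3], "local-socket"
        elif f and f[0] in HOST_TYPES and len(f) >= 5:
            addr, rest = f[3], f[4:]
            if _parses(ipaddress.ip_address, addr) is not None and len(rest) >= 2:
                addr, rest = f"{addr}/{rest[0]}", rest[1:]  # "IP mask" columns
            net = _parses(lambda a: ipaddress.ip_network(a, strict=False), addr)
            scope = "loopback" if net is not None and net.is_loopback else "remote"
            method = rest[0]
        else:
            continue  # blank, comment, or not a plain rule line
        if method == "trust":
            findings.append((no, method, scope, "FAIL"))
        elif method == "ident" and scope == "local-socket":
            findings.append((no, "peer", scope, "OK"))  # ident on local = peer
        elif method == "ident":  # assumed policy: tolerate on loopback only
            verdict = "WARN" if scope == "loopback" else "FAIL"
            findings.append((no, method, scope, verdict))
        elif method == "peer":
            findings.append((no, method, scope, "OK"))
    return findings

# Constructed sample rules, not taken from any real server.
SAMPLE = """\
local   all  postgres                             peer
local   all  all                                  ident
host    all  all   127.0.0.1/32                   trust  # dev shortcut
host    all  all   127.0.0.1 255.255.255.255      ident
hostssl all  all   10.0.0.0/8                     ident map=corp
host    all  all   ::1/128                        scram-sha-256
"""

if __name__ == "__main__":
    print(*audit_pg_hba(SAMPLE), sep="\n")
```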