Re: [HACKERS] Password requirement in windows installer

2007-08-31 Thread Andrew Sullivan
On Fri, Aug 31, 2007 at 08:20:20PM +0100, Gregory Stark wrote: > Except note that ident is, like X, precisely the kind of protocol where the > handshake matters least. Since all the relevant data comes early in the > message you can fire the SYN and the ACK (with the predicted sequence number)

Re: [HACKERS] Password requirement in windows installer

2007-08-31 Thread Andrew Sullivan
On Fri, Aug 31, 2007 at 02:12:03PM -0500, Decibel! wrote: > ISTM that if someone breaches your network to the point where they can > spoof identd, you're pretty much hosed anyway; so what's the point of > hard-coding passwords in a config file somewhere then? True. I personally prefer cryptograph

Re: [HACKERS] Password requirement in windows installer

2007-08-31 Thread Gregory Stark
"Andrew Sullivan" <[EMAIL PROTECTED]> writes: > On Fri, Aug 31, 2007 at 07:07:40PM +0100, Gregory Stark wrote: >> > >> > It shouldn't be easy. Ident uses TCP, which is rather harder to >> > spoof. >> >> Say what? It's actually quite easy to spoof TCP. There are even command-line >> tools to do

Re: [HACKERS] Password requirement in windows installer

2007-08-31 Thread Decibel!
On Fri, Aug 31, 2007 at 02:38:25PM -0400, Andrew Sullivan wrote: > Indeed, I would argue that, for industrial-class data centre use, if > you can't use ident between machines, your network security is in > very bad shape. (That isn't to say I think it's a good idea; but > rather, that I hope the n

Re: [HACKERS] Password requirement in windows installer

2007-08-31 Thread Andrew Sullivan
On Fri, Aug 31, 2007 at 07:07:40PM +0100, Gregory Stark wrote: > > > > It shouldn't be easy. Ident uses TCP, which is rather harder to > > spoof. > > Say what? It's actually quite easy to spoof TCP. There are even command-line > tools to do it available in most Unix distributions. Sorry, I sho

Re: [HACKERS] Password requirement in windows installer

2007-08-31 Thread Gregory Stark
"Andrew Sullivan" <[EMAIL PROTECTED]> writes: > On Fri, Aug 31, 2007 at 12:30:02PM -0500, Decibel! wrote: >> >> Is it easy to spoof where an incoming connection request is coming from? >> Is there something else that makes ident on 127.0.0.1/32 insecure? > > It shouldn't be easy. Ident uses TCP,

Re: [HACKERS] Password requirement in windows installer

2007-08-31 Thread Andrew Sullivan
On Fri, Aug 31, 2007 at 12:30:02PM -0500, Decibel! wrote: > > Is it easy to spoof where an incoming connection request is coming from? > Is there something else that makes ident on 127.0.0.1/32 insecure? It shouldn't be easy. Ident uses TCP, which is rather harder to spoof. If someone can origi

Re: [HACKERS] Password requirement in windows installer

2007-08-31 Thread Decibel!
On Fri, Aug 31, 2007 at 12:37:16PM -0400, Andrew Dunstan wrote: > > > Decibel! wrote: > >Is there something insecure about using ident sameuser for localhost > >authentication on Windows? > > > > FWIW, I never advise people to use ident auth for postgres except on > local (a.k.a. Unix domain

Re: [HACKERS] Password requirement in windows installer

2007-08-31 Thread Andrew Dunstan
Decibel! wrote: > Is there something insecure about using ident sameuser for localhost > authentication on Windows? FWIW, I never advise people to use ident auth for postgres except on local (a.k.a. Unix domain socket) connections, which don't exist on Windows. cheers andrew -

Re: [HACKERS] Password requirement in windows installer

2007-08-31 Thread Dave Page
Decibel! wrote: > On Fri, Aug 31, 2007 at 09:02:49AM +0100, Dave Page wrote: >> Decibel! wrote: >>> Why does the windows installer require a password for the superuser >>> account, since it's perfectly legitimate not to have a password on that >>> account? I could see perhaps producing a warning, b

Re: [HACKERS] Password requirement in windows installer

2007-08-31 Thread Decibel!
On Fri, Aug 31, 2007 at 09:02:49AM +0100, Dave Page wrote: > Decibel! wrote: > > Why does the windows installer require a password for the superuser > > account, since it's perfectly legitimate not to have a password on that > > account? I could see perhaps producing a warning, but making this a ha

Re: [HACKERS] Password requirement in windows installer

2007-08-31 Thread Dave Page
Decibel! wrote: > Why does the windows installer require a password for the superuser > account, since it's perfectly legitimate not to have a password on that > account? I could see perhaps producing a warning, but making this a hard > requirement seems like overkill. Security out of the box. The

[HACKERS] Password requirement in windows installer

2007-08-30 Thread Decibel!
Why does the windows installer require a password for the superuser account, since it's perfectly legitimate not to have a password on that account? I could see perhaps producing a warning, but making this a hard requirement seems like overkill. -- Decibel!, aka Jim Nasby