Decibel! wrote:
Why does the windows installer require a password for the superuser
account, since it's perfectly legitimate not to have a password on that
account? I could see perhaps producing a warning, but making this a hard
requirement seems like overkill.
Security out of the box. There
On Fri, Aug 31, 2007 at 09:02:49AM +0100, Dave Page wrote:
Decibel! wrote:
Why does the windows installer require a password for the superuser
account, since it's perfectly legitimate not to have a password on that
account? I could see perhaps producing a warning, but making this a hard
Decibel! wrote:
On Fri, Aug 31, 2007 at 09:02:49AM +0100, Dave Page wrote:
Decibel! wrote:
Why does the windows installer require a password for the superuser
account, since it's perfectly legitimate not to have a password on that
account? I could see perhaps producing a warning, but making
Decibel! wrote:
Is there something insecure about using ident sameuser for localhost
authentication on Windows?
FWIW, I never advise people to use ident auth for postgres except on
local (a.k.a. Unix domain socket) connections, which don't exist on Windows.
cheers
andrew
On Fri, Aug 31, 2007 at 12:37:16PM -0400, Andrew Dunstan wrote:
Decibel! wrote:
Is there something insecure about using ident sameuser for localhost
authentication on Windows?
FWIW, I never advise people to use ident auth for postgres except on
local (a.k.a. Unix domain socket)
On Fri, Aug 31, 2007 at 12:30:02PM -0500, Decibel! wrote:
Is it easy to spoof where an incoming connection request is coming from?
Is there something else that makes ident on 127.0.0.1/32 insecure?
It shouldn't be easy. Ident uses TCP, which is rather harder to
spoof. If someone can
Andrew Sullivan [EMAIL PROTECTED] writes:
On Fri, Aug 31, 2007 at 12:30:02PM -0500, Decibel! wrote:
Is it easy to spoof where an incoming connection request is coming from?
Is there something else that makes ident on 127.0.0.1/32 insecure?
It shouldn't be easy. Ident uses TCP, which is
On Fri, Aug 31, 2007 at 07:07:40PM +0100, Gregory Stark wrote:
It shouldn't be easy. Ident uses TCP, which is rather harder to
spoof.
Say what? It's actually quite easy to spoof TCP. There are even command-line
tools to do it available in most Unix distributions.
Sorry, I should have
On Fri, Aug 31, 2007 at 02:38:25PM -0400, Andrew Sullivan wrote:
Indeed, I would argue that, for industrial-class data centre use, if
you can't use ident between machines, your network security is in
very bad shape. (That isn't to say I think it's a good idea; but
rather, that I hope the
Andrew Sullivan [EMAIL PROTECTED] writes:
On Fri, Aug 31, 2007 at 07:07:40PM +0100, Gregory Stark wrote:
It shouldn't be easy. Ident uses TCP, which is rather harder to
spoof.
Say what? It's actually quite easy to spoof TCP. There are even command-line
tools to do it available in
On Fri, Aug 31, 2007 at 02:12:03PM -0500, Decibel! wrote:
ISTM that if someone breaches your network to the point where they can
spoof identd, you're pretty much hosed anyway; so what's the point of
hard-coding passwords in a config file somewhere then?
True. I personally prefer cryptographic
On Fri, Aug 31, 2007 at 08:20:20PM +0100, Gregory Stark wrote:
Except note that ident is, like X, precisely the kind of protocol where the
handshake matters least. Since you all the relevant data comes early in the
message you can fire the SYN and the ACK (with the predicted sequence number)
Why does the windows installer require a password for the superuser
account, since it's perfectly legitimate not to have a password on
that account? I could see perhaps producing a warning, but making
this a hard requirement seems like overkill.
--
Decibel!, aka Jim Nasby
13 matches
Mail list logo