| From: | Simon Riggs <simon(at)2ndQuadrant(dot)com> |
|---|---|
| To: | Magnus Hagander <magnus(at)hagander(dot)net> |
| Cc: | PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: Deprecations in authentication |
| Date: | 2012-10-18 11:41:13 |
| Message-ID: | CA+U5nMKVbk=JWpAdoSwcm2DHU+0JnK0a_+=E2BUmWt6zw64pyQ@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On 18 October 2012 12:37, Magnus Hagander <magnus(at)hagander(dot)net> wrote:
> On Thu, Oct 18, 2012 at 1:32 PM, Simon Riggs <simon(at)2ndquadrant(dot)com> wrote:
>> On 18 October 2012 12:20, Magnus Hagander <magnus(at)hagander(dot)net> wrote:
>>
>>> 2. ident-over-unix-sockets was renamed to "peer" in 9.1, with the old
>>> syntax deprecated but still mapping to the new one. Has it been there
>>> long enough that we should start throwing an error for ident on unix?
>>
>> Any reason to remove? Having two names for same thing is a happy place
>> for users with bad/fond memories. It costs little and no errors are
>> associated with using the old name (are there?).
>
> The only real reason for that one would be confusion. e.g. using ident
> over tcp is for most people very insecure, whereas ident over unix
> sockets is very secure. there are exceptions to both those, but for
> the majority of cases we are using the same name for one thing that
> has very good security and one that has very bad. And confusion when
> it comes to security is usually not a good thing.
I'll go with that.
--
Simon Riggs http://www.2ndQuadrant.com/
PostgreSQL Development, 24x7 Support, Training & Services
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Simon Riggs | 2012-10-18 11:43:34 | Re: Deprecations in authentication |
| Previous Message | Magnus Hagander | 2012-10-18 11:37:29 | Re: Deprecations in authentication |