Skip site navigation (1)
Skip section navigation (2)
Peripheral Links
Header And Logo
|
Site Navigation
Re: postgres authentication question
- From: Jim Nasby <decibel(at)decibel(dot)org>
- To: Tom Allison <tallison(at)tacocat(dot)net>
- Cc: pgsql-novice(at)postgresql(dot)org
- Subject: Re: postgres authentication question
- Date: Mon, 27 Nov 2006 20:56:08 -0600
On Nov 18, 2006, at 8:36 AM, Tom Allison wrote:
I'm putting a postgresql installation into my DMZ and want to make sure I have an understanding of what makes sense and what does not in terms of security.
IF you're only using ident with ident servers you can trust (ie: localhost), then I can't think of any security issue with using it. For someone to spoof ident credentials on localhost you either have to allow them to do it (some identd's support that, but most I've seen turn it off by default), or they'd have to compromise your identd. And if they can compromise your identd on the database server, you're pretty much hosed anyway.
-- Jim Nasby jim(at)nasby(dot)net EnterpriseDB http://enterprisedb.com 512.569.9461 (cell)
- References:
- postgres authentication question
- From: Tom Allison
- postgres authentication question
- Prev by Date: Re: Inserting values into a variable table
- Next by Date: Re: Benchmarking PostgreSQL against others on Windows?
- Previous by thread: Re: postgres authentication question
- Next by thread: CHECK constraint and trigger
- Indexes: