Re: Indent authentication overloading
Magnus Hagander <magnus@hagander.net>
From: Magnus Hagander <magnus@hagander.net>
To: Tom Lane <tgl@sss.pgh.pa.us>
Cc: PostgreSQL-development <pgsql-hackers@postgresql.org>
Date: 2010-11-17T15:43:00Z
Lists: pgsql-hackers
On Wed, Nov 17, 2010 at 16:39, Tom Lane <tgl@sss.pgh.pa.us> wrote: > Magnus Hagander <magnus@hagander.net> writes: >> Currently, we overload "indent" meaning both "unix socket >> authentication" and "ident over tcp", depending on what type of >> connection it is. This is quite unfortunate - one of them being one of >> the most secure options we have, the other one being one of the most >> *insecure* ones (really? ident over tcp? does *anybody* use that >> intentionally today?) > >> Should we not consider naming those two different things? > > Maybe, but it seems like the time to raise the objection was six or > eight years ago :-(. Renaming now will do little except to introduce > even more confusion. For existing users, yes. For new users, no. I certainly get comments on it pretty much every time I do training that includes explaining pg_hba options. The question is if it's worth confusing our existing users a little, at the advantage of not confusing new users. We could of course also just drop ident-over-tcp completely, but there might be some poor guy out there who actually *uses* it :-) And I agree it would've been much better to do it years ago. That doesn't mean we shouldn't at least *consider* doing it at some point. -- Magnus Hagander Me: http://www.hagander.net/ Work: http://www.redpill-linpro.com/