Re: [HACKERS] pgsql/php3/apache authentication

Peter Eisentraut <e99re41@docs.uu.se>

From: Peter Eisentraut <e99re41@DoCS.UU.SE>
To: Jan Wieck <wieck@debis.com>
Cc: Jim Mercer <jim@reptiles.org>, pgsql-general@postgresql.org, pgsql-hackers@postgresql.org
Date: 2000-04-28T08:05:31Z
Lists: pgsql-hackers
On Thu, 27 Apr 2000, Jan Wieck wrote:

>     The  default  of  "local  all  trust"  is something I allways
>     considered insecure.

No kidding.

>     If we add  a  permissions  field  to  the  local  entry,  the
>     postmaster can chmod() the socket file after creating it (and
>     maybe drain out waiting connections that slipped  in  between
>     after  a  second  before  accepting  the first real one). The
>     default hba would then read:
> 
>         local  all                               trust 0770
>         host   all   127.0.0.1  255.255.255.255  ident sameuser

I think I like that idea.


-- 
Peter Eisentraut                  Sernanders väg 10:115
peter_e@gmx.net                   75262 Uppsala
http://yi.org/peter-e/            Sweden