Re: [HACKERS] Updated TODO list
| От | Gene Sokolov |
|---|---|
| Тема | Re: [HACKERS] Updated TODO list |
| Дата | |
| Msg-id | 050801bece91$ffd4aba0$0d8cdac3@aktrad.ru обсуждение исходный текст |
| Ответ на | Re: [HACKERS] Updated TODO list (Bruce Momjian <maillist@candle.pha.pa.us>) |
| Список | pgsql-hackers |
From: Bruce Momjian <maillist@candle.pha.pa.us> > > > I think the original point was that some people use the same or related > > > passwords for psql as for their login password. > > > > This may sound cold, but isn't that their own problem. I can remmeber > > being told the first time i needed a passwd "don't reuse this" . > > There should come a tiem when people take their own security a little > > more into their own hands, but hey that's just me :) > > This may be the issue. If we decided the postgres user has to be able > to know the password, we are stuck requiring people to use a different > password for the database if the postgres user is not trusted as much as > the system owner. Assuming that people have limited memory, they really have only two choices - reuse passwords, possibly with some modifications, or write passwords down. I think the first choice is the lesser evil. There are perfect solutions to the authentication problem.It's just a matter of accepting one of these solutions. Gene Sokolov
В списке pgsql-hackers по дате отправления: