Re: Case insensitive usernames
| От | Tom Lane |
|---|---|
| Тема | Re: Case insensitive usernames |
| Дата | |
| Msg-id | 1842.1115674920@sss.pgh.pa.us обсуждение исходный текст |
| Ответ на | Re: Case insensitive usernames ("Magnus Hagander" <mha@sollentuna.net>) |
| Список | pgsql-hackers |
"Magnus Hagander" <mha@sollentuna.net> writes:
> Another way to help in this particular case would be to have libpq on
> win32 only force-lowercase the username IF it was retreived from the
> system (but not when manually specified).
Well, I personally don't care how bizarrely the Win32 port behaves ;-)
so I won't complain if something like that happens. You should think
twice though about whether introducing this inconsistency is going to
be a net win, or whether it'll just move the confusion someplace else.
> Then if this was done the
> kerberos username-matching code would just have to be relaxed to be case
> insensitive (which it really should be, because AFAIK kerberos is
> supposed to be case insensitive),
This however bothers me; it seems like a potential security hole (create
kerberos principal FOO, use it to break into Foo's account). Or does
kerberos guarantee FOO and Foo are the same?
regards, tom lane
В списке pgsql-hackers по дате отправления: