Re: Patch to include PAM support...
| От | Bruce Momjian |
|---|---|
| Тема | Re: Patch to include PAM support... |
| Дата | |
| Msg-id | 200106121857.f5CIv0s02932@candle.pha.pa.us обсуждение исходный текст |
| Ответ на | Patch to include PAM support... ("Dominic J. Eidson" <sauron@the-infinite.org>) |
| Список | pgsql-patches |
> Bruce Momjian <pgman@candle.pha.pa.us> writes: > >> Because (a) it greatly increases the scope of the vulnerability, > > > How? It is just a new authentication method with the same problems as > > our current ones. > > No, it is not *a* new authentication method, it is an open interface > that could be plugged into almost anything. We need the top-level > postmaster process to be absolutely reliable; plugging into "almost > anything" is not conducive to reliability. But isn't that the responsibility of the administrator? They are already responsible for the IDENT servers they use. Isn't this the same thing. > Besides, an hour ago you were ready to reject this patch for lack of > interest. Why are you suddenly so eager to ignore the risks and apply > it anyway? Because some have now said they want it and I do not see the _new_ risks. -- Bruce Momjian | http://candle.pha.pa.us pgman@candle.pha.pa.us | (610) 853-3000 + If your life is a hard drive, | 830 Blythe Avenue + Christ can be your backup. | Drexel Hill, Pennsylvania 19026
В списке pgsql-patches по дате отправления: