Re: Automated database backups and authentication

On Tue, Aug 06, 2002 at 11:34:58PM +0200, Artur Pietruk wrote:
> On Tue, Aug 06, 2002 at 11:39:03AM -0700, Darren McClelland wrote:
> > Thanks, that's an idea. I'd always been thinking of ident as unreliable, but
> > if I control the authenticating server then it's something usable. At least I
> [cut]
>
>     Well, if you want to use ident that way, than you have to trust not
> only those two servers, but all hosts in their network segments - do not
> forget about ARP poisoning.
>
>     I think, that in your setup it would be better to do crypt=-auth
> and:
>
>     - use PGPASSWORD environment variable, just set it before you execute

If you're worried about people poisoning arp, &c., then you'd have to
be mad to put a password in an environment variable.

If you have this sort of security problem, use Kerberos.  It's what
it was designed to solve.

A

--
----
Andrew Sullivan                               87 Mowat Avenue
Liberty RMS                           Toronto, Ontario Canada
<andrew@libertyrms.info>                              M6K 3E3
                                         +1 416 646 3304 x110