Re: Logging of matching pg_hba.conf entry during auth skips trust auth, potential security issue
| От | Jacob Champion |
|---|---|
| Тема | Re: Logging of matching pg_hba.conf entry during auth skips trust auth, potential security issue |
| Дата | |
| Msg-id | CAAWbhmhQFjhSW8Um+KbQ2YEV6viUiJ1uuKyUjSG4p4+deKcgEQ@mail.gmail.com обсуждение исходный текст |
| Ответ на | Re: Logging of matching pg_hba.conf entry during auth skips trust auth, potential security issue (Michael Paquier <michael@paquier.xyz>) |
| Ответы |
Re: Logging of matching pg_hba.conf entry during auth skips trust auth, potential security issue
|
| Список | pgsql-hackers |
On Mon, Aug 21, 2023 at 4:22 PM Michael Paquier <michael@paquier.xyz> wrote: > There are additionally two more comments in the SSL tests that could > be removed, I guess. Here's a v4, with Robert's latest suggestion > added. LGTM. > I am not sure that we need to change this historic term, TBH. Perhaps > it would be shorter to just rip off the trust method from the tree > with a deprecation period but that's not something I'm much in favor > off either (I use it daily for my own stuff, as one example). > Another, more conservative approach may be to make it a developer-only > option and discourage more its use in the docs. I don't think we should get rid of anonymous connections; there are ways to securely authorize a client connection without ever authenticating the entity at the other end. I'd just like the server to call them what they are, because I think the distinction is valuable for DBAs who are closely watching their systems. --Jacob
В списке pgsql-hackers по дате отправления: