Re: backhanded compliment from Larry Ellison
| От | Josh Berkus |
|---|---|
| Тема | Re: backhanded compliment from Larry Ellison |
| Дата | |
| Msg-id | web-1835715@davinci.ethosmedia.com обсуждение исходный текст |
| Ответ на | Re: backhanded compliment from Larry Ellison ("Magnus Hagander" <mha@sollentuna.net>) |
| Список | pgsql-advocacy |
Magnus, > I'd like to add one more line to that list, which is definitly > holding > us back from using it in a few situations: > 6) Integrated Windows login. > > Meaning once you're on the domain, you have your permissions in the > database server. Hmmm ... not sure that's such a desirable feature. The "integrated login" was the source of one of the SQL server worms. And delving into the MS authentication protocols is probably a good way to waste a couple of 100 hours as well as get sued by MS under the DCMA. I also tend to *not* use user's logins for the database, relying instead on encrypted application logins and application security to manage user rights. Mind you, in one of my clients' heterogenous shops, we have integrated login, effectively ... the office has an integrated Samba/NIS authentication server, and one of the databases uses PAM authentication, thus providing client --> server authentication for both Postgres and SQL Server. Works great, though WIndows XP will cause problems with the setup eventually. -Josh Berkus
В списке pgsql-advocacy по дате отправления: