Re: What goes into the security doc?
From | Robert Treat |
---|---|
Subject | Re: What goes into the security doc? |
Date | |
Msg-id | 1043162191.18529.11.camel@camel |
In reply to | What goes into the security doc? (Dan Langille <dan@langille.org>) |
Responses | Re: What goes into the security doc?; Re: What goes into the security doc? |
List | pgsql-hackers |

I'm not sure how adequately these topics are covered elsewhere, but you should probably provide at least a pointer if not improved information:

* Should have a mention of the pgcrypto code in contrib.
* Brain hiccup, but isn't there some type of "password" datatype?
* Explanation of problems/solutions of using md5 passwords inside PostgreSQL. This has tripped up a lot of people upgrading to 7.3.
* Possibly go into server resource issues and the pitfalls in giving free-form SQL access to just anyone. (Think unconstrained join on all tables in a database.)

hth,
Robert Treat

On Mon, 2003-01-20 at 00:01, Dan Langille wrote:
> With reference to my post to the "PostgreSQL Password Cracker" on
> 2003-01-02, I've promised to write a security document for the project.
> Here it is, Sunday night, and I can't sleep. What better way to get there
> than start this task...
>
> My plan is to write this in very simple HTML. I will post the draft
> document on my website and post the URL here from time to time for
> feedback. Please make suggestions for content. So far, I will cover these
> items:
>
> - .pgpass (see
>   http://developer.postgresql.org/docs/postgres/libpq-files.html)
> - local connections
> - remote connections (recommending SSL)
> - pg_hba (only in passing, most of that is at
>   http://www.postgresql.org/idocs/index.php?client-authentication.html)
> - running the postmaster as a specific user
>
> That doesn't sound like much. Surely you can think of something else to
> add. Should I post this to another list for their views?
>
> OK, that's done it. I'm ready for sleep now.