Re: MySQL interview, no mention of PostgreSQL
От | Neil Conway |
---|---|
Тема | Re: MySQL interview, no mention of PostgreSQL |
Дата | |
Msg-id | 1066366235.582.5.camel@tokyo обсуждение исходный текст |
Ответ на | Re: MySQL interview, no mention of PostgreSQL (Josh Berkus <josh@agliodbs.com>) |
Ответы |
Re: MySQL interview, no mention of PostgreSQL
|
Список | pgsql-advocacy |
On Thu, 2003-10-16 at 12:54, Josh Berkus wrote: > While one could write a utility in Postgres to create/process the file, the > "live" version of pg_hba.conf *must* be outside the database. If our ACL > was in the database, then how would we know who has the rights to read the > ACL? I don't see why this is a show-stopping problem. Can you elaborate? > Systems which store their ACLs in the database (MSSQL) are continuously > vulnerable to attacks that piggy-back on the authentication process to gain > entry to the database, e.g. the "Slammer" worm. How does storing ACLs in the database have anything to do with Slammer, which exploited some buffer overruns in the UDP authentication service used by SQL server? > Also, users would risk a permanent fatal lockout if they mis-configure pg_hba. There are plenty of ways to get around that, however (e.g. a command-line tool that effectively started a standalone backend and allowed the DBA to bypass the ACL system). -Neil
В списке pgsql-advocacy по дате отправления: