On Wed, Nov 17, 2010 at 04:43:00PM +0100, Magnus Hagander wrote:
> On Wed, Nov 17, 2010 at 16:39, Tom Lane <tgl@sss.pgh.pa.us> wrote:
> > Magnus Hagander <magnus@hagander.net> writes:
> >> Currently, we overload "indent" meaning both "unix socket
> >> authentication" and "ident over tcp", depending on what type of
> >> connection it is. This is quite unfortunate - one of them being
> >> one of the most secure options we have, the other one being one
> >> of the most *insecure* ones (really? ident over tcp? does
> >> *anybody* use that intentionally today?)
> >
> >> Should we not consider naming those two different things?
> >
> > Maybe, but it seems like the time to raise the objection was six
> > or eight years ago :-(. Renaming now will do little except to
> > introduce even more confusion.
>
> For existing users, yes. For new users, no.
Yep. If we're to be a successful project, the vast majority of our
users are future users, not current or past ones.
> I certainly get comments on it pretty much every time I do training
> that includes explaining pg_hba options.
>
> The question is if it's worth confusing our existing users a little,
> at the advantage of not confusing new users. We could of course also
> just drop ident-over-tcp completely, but there might be some poor
> guy out there who actually *uses* it :-)
+1 for dropping it completely. We have dropped features--automatic
cast to TEXT, for example--that a good deal more of our user base
relied on, for reasons less compelling than this.
> And I agree it would've been much better to do it years ago. That
> doesn't mean we shouldn't at least *consider* doing it at some
> point.
The sooner, the better, IMHO.
Cheers,
David.
--
David Fetter <david@fetter.org> http://fetter.org/
Phone: +1 415 235 3778 AIM: dfetter666 Yahoo!: dfetter
Skype: davidfetter XMPP: david.fetter@gmail.com
iCal: webcal://www.tripit.com/feed/ical/people/david74/tripit.ics
Remember to vote!
Consider donating to Postgres: http://www.postgresql.org/about/donate