On Nov 18, 2006, at 8:36 AM, Tom Allison wrote:
> I'm putting a postgresql installation into my DMZ and want to make
> sure I have an understanding of what makes sense and what does not
> in terms of security.
IF you're only using ident with ident servers you can trust (ie:
localhost), then I can't think of any security issue with using it.
For someone to spoof ident credentials on localhost you either have
to allow them to do it (some identd's support that, but most I've
seen turn it off by default), or they'd have to compromise your
identd. And if they can compromise your identd on the database
server, you're pretty much hosed anyway.
--
Jim Nasby jim@nasby.net
EnterpriseDB http://enterprisedb.com 512.569.9461 (cell)