John R Pierce <pierce@hogranch.com> writes:
> Tom Lane wrote:
>> A more accurate statement is that it's trustworthy to the extent that
>> you trust the owner of the other machine to be running a non-broken
>> identd daemon. Within a LAN it might be perfectly reasonable to use.
> you would have to extend that trust to any machine connected to any
> network which can be routed to the server in question as he was
> specifying a wildcard IP, and that includes anything that anyone could
> plug into any network port.
Agreed, it's pretty stupid to use IDENT with a wildcard IP that allows
connections from untrusted networks. I was just objecting to the
statement that it's unsafe in all cases.
regards, tom lane