Re: Disabling trust/ident authentication configure option

From Magnus Hagander
Subject Re: Disabling trust/ident authentication configure option
Date
Msg-id CABUevEzEhxy_hy12vFnCcWLQ5bseNUFqBZzD55evm67GcCxDOw@mail.gmail.com
In reply to Re: Disabling trust/ident authentication configure option  (Heikki Linnakangas <hlinnaka@iki.fi>)
List pgsql-hackers

On May 7, 2015 12:41 AM, "Heikki Linnakangas" <hlinnaka@iki.fi> wrote:
>
> On 05/07/2015 01:32 AM, Jim Nasby wrote:
>>
>> On 5/6/15 12:56 PM, Peter Eisentraut wrote:
>>>>
>>>> I think this is a sufficiently general requirement to warrant including
>>>> an option to disable this, as most hardening guides I have seen for
>>>> PostgreSQL unconditionally require to disable trust authentication and
>>>> disabling it in the code removes the need to check this in the runtime
>>>> configuration.
>>>
>>> I think people would be interested in well-thought out, generalized
>>> hardening facilities. But that would likely include other things than
>>> just disabling an authentication method or two.  And we can't be adding
>>> a new compile-time option as we add each one.  We need a more general
>>> approach.
>>
>>
>> Yeah. I think one of the big use cases here is that many environments
>> are OK with at least ident (if not trust) but only from the local
>> machine. So you'd probably want to handle that somehow.
>
>
> That's called 'peer', since 9.1.
>

There is also ident over localhost tcp. Since it only passes through the local kernel, it can probably be considered quite secure (but requires an extra piece of software to be installed, but that's easy). And provides a usable option for those that can't use peer.

/Magnus
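
The runtime-configuration check the thread refers to, as an added example that is not part of the original message or of PostgreSQL: it reads `pg_hba.conf` records, reports every `trust` entry, and reports `ident` unless the record is a `local` socket line (where PostgreSQL uses peer) or covers only loopback addresses. The policy, the function names and the sample file are assumptions; quoted names containing spaces or `#` are not handled.

```python
import ipaddress

HOST_TYPES = {"host", "hostssl", "hostnossl", "hostgssenc", "hostnogssenc"}

# Constructed sample, not taken from the thread.
SAMPLE = """\
# TYPE  DB   USER  ADDRESS              METHOD
local   all  postgres                   peer
local   all  all                        trust
host    all  all  127.0.0.1/32          ident
host    all  all  ::1/128               ident
host    all  all  10.0.0.0/8            ident
host    all  all  127.0.0.1 255.255.255.255  trust
hostssl all  all  0.0.0.0/0             scram-sha-256
"""

def covers_only_loopback(address, mask=None):
    """True only when every address in the range is loopback."""
    try:
        net = ipaddress.ip_network(f"{address}/{mask}" if mask else address, strict=False)
    except ValueError:
        return False  # hostname, all, samehost, samenet: not provably loopback
    return net.is_loopback

def is_ip(token):
    try:
        ipaddress.ip_address(token)
        return True
    except ValueError:
        return False

def audit_hba(text):
    """Return (line_number, method, reason) for records the assumed policy rejects."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()
        if fields and fields[0] == "local" and len(fields) >= 4:
            method, local_only = fields[3], True  # Unix socket; ident here means peer
        elif fields and fields[0] in HOST_TYPES and len(fields) >= 5:
            if len(fields) >= 6 and is_ip(fields[4]):  # address written as "IP MASK"
                method, local_only = fields[5], covers_only_loopback(fields[3], fields[4])
            else:
                method, local_only = fields[4], covers_only_loopback(fields[3])
        else:
            continue  # blank lines, comments, include directives, malformed records
        if method == "trust":
            findings.append((lineno, method, "trust accepts any claimed user"))
        elif method == "ident" and not local_only:
            findings.append((lineno, method, "ident from a non-loopback address"))
    return findings
```

Calling `audit_hba(SAMPLE)` reports lines 3, 6 and 7 of the sample; the loopback `ident` records and the `peer` record pass.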
