Re: LDAPS trusted ca support

Поиск
Список
Период
Сортировка
От Marco Cuccato
Тема Re: LDAPS trusted ca support
Дата
Msg-id CACg0f4Y=x_Dq-HWsks1jLgPiw8qjFbG6GsiqStwq7bhDLpXN5w@mail.gmail.com
обсуждение исходный текст
Ответ на Re: LDAPS trusted ca support  (Stephen Frost <sfrost@snowman.net>)
Список pgsql-bugs
Дерево обсуждения
Thanks for the tip! 

Il giorno mar 3 dic 2019 alle ore 21:35 Stephen Frost <sfrost@snowman.net> ha scritto:
Greetings,

* Marco Cuccato (mcuccato.vts@gmail.com) wrote:
> unfortunately I cannot modify the company's LDAP server configuration.

Note that if you're working in an Active Directory environment, you
should really be considering Kerberos/GSSAPI instead of LDAP for your
authentication.  Using PostgreSQL's "ldap" auth method means that the
user's password is sent to, and read by, the PostgreSQL server, which
isn't really very secure.

You'll definitely also want to be using SSL/TLS between the PostgreSQL
client system and the PostgreSQL server, but that doesn't help you if
the PostgreSQL server itself is compromised.

Thanks,

Stephen

В списке pgsql-bugs по дате отправления:

Предыдущее
От: Konstantin Knizhnik
Дата:
Сообщение: Re: Numeric is not leakproof
Следующее
От: PG Bug reporting form
Дата:
Сообщение: BUG #16147: postgresql 12.1 (from homebrew) - pg_restore -h localhost --jobs=2 crashes