--On 30. April 2015 08:00:23 -0400 Robert Haas <robertmhaas@gmail.com>
wrote:
> But... the user could use password authentication with the password
> set to "x" and that would be insecure, too, yet not prevented by any
> of this. I think it's pretty hard to prevent someone who has
> filesystem-level access to the database server from configuring it
> insecurely.
Sure. But I think the point is to make their engineers to think about what
they're doing. Typing in a password gives you at least a hint, that you are
probably should use something safe.
I agree that you couldn't really make that bullet proof from just this
excluded functionality, but i could imagine that this makes sense in a more
system-wide context.
>
> Of course, it's fine for people to make changes like this in their own
> copies of PostgreSQL, but I'm not in favor of incorporating those
> changes into core. I don't think there's enough general utility to
> this to justify that, and more to the point, I think different people
> will want different things. We haven't, for example, ever had a
> request for this specific thing before.
Well, i found at least one of such a proposal here:
<http://www.postgresql.org/message-id/CAN2Y=uMt7CPkxZhAUfw7SzecKdWCWsUuLmh4XPhUxKqBtdUoyA@mail.gmail.com>
--
Thanks
Bernd