On Wed, Nov 17, 2010 at 17:31, Peter Eisentraut <pete...@gmx.net> wrote:
> On ons, 2010-11-17 at 16:35 +0100, Magnus Hagander wrote:
>> Currently, we overload "ident" meaning both "unix socket
>> authentication" and "ident over tcp", depending on what type of
>> connection it is. This is quite unfortunate - one of them being one of
>> the most secure options we have, the other one being one of the most
>> *insecure* ones (really? ident over tcp? does *anybody* use that
>> intentionally today?)
>>
>> Should we not consider naming those two different things?
>
> The original patch called the Unix domain socket version "peer" (whereas
> the name "ident" comes from the official name of the TCP/IP protocol
> used). You can look it up in the archives, but I believe the argument
> for using the name "ident" for both was because "ident" was established
> and the new feature would provide the same functionality.

Yeah, I vaguely recall that discussion - too lazy to actually look it
up :-) I think the argument was definitely wrong, but it didn't seem
so at the time...

> That said, I completely agree with you. Every time I look through a
> pg_hba.conf I think, that's a terrible name, we should rename this.
>
> We could perhaps introduce an alternative name and slowly deprecate the
> original one.

That seems reasonable. Maybe even have the server emit a warning when
it sees it (since we now read/parse pg_hba.conf on server start, it
would only show up once per server reload, not on every connect).

Or maybe just doc-deprecate in 9.1, warning in 9.2, drop in 9.3 or something?

--
Magnus Hagander
Me: http://www.hagander.net/
Work: http://www.redpill-linpro.com/

--
Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-hackers
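The overloading discussed in this thread, as an added example that is not part of the original messages or PostgreSQL's own code: a small Python check that reads pg_hba.conf records and reports, for each `ident` entry, which of the two meanings applies based on the connection type. The sample file content and the function names are constructed for illustration; backslash line continuations and include directives are assumed absent.

```python
import ipaddress
import shlex

# Constructed sample pg_hba.conf content (not taken from the thread).
SAMPLE_HBA = """\
# TYPE  DATABASE  USER      ADDRESS          METHOD
local   all       postgres                   ident
local   all       all                        md5
host    all       all       127.0.0.1/32     ident
host    appdb     app       10.0.0.0 255.0.0.0 ident map=appmap
hostssl all       all       0.0.0.0/0        md5
"""

def _is_bare_ip(field):
    """True for an address written without /CIDR, which is followed by a netmask field."""
    try:
        ipaddress.ip_address(field)
        return True
    except ValueError:
        return False

def classify_ident(hba_text):
    """Return (line_no, conn_type, meaning) for every record whose method is "ident"."""
    findings = []
    for line_no, line in enumerate(hba_text.splitlines(), start=1):
        fields = shlex.split(line, comments=True)  # handles "quoted" fields and # comments
        if not fields:
            continue
        conn_type = fields[0]
        if conn_type == "local":
            method_idx = 3  # TYPE DATABASE USER METHOD
        elif conn_type.startswith("host"):
            # TYPE DATABASE USER ADDRESS METHOD, or ... IP-ADDRESS IP-MASK METHOD
            method_idx = 5 if len(fields) > 3 and _is_bare_ip(fields[3]) else 4
        else:
            continue  # not a connection record
        if len(fields) <= method_idx or fields[method_idx] != "ident":
            continue
        # Same keyword, two mechanisms: the connection type decides which one runs.
        meaning = "unix-socket" if conn_type == "local" else "ident-over-tcp"
        findings.append((line_no, conn_type, meaning))
    return findings

if __name__ == "__main__":
    for line_no, conn_type, meaning in classify_ident(SAMPLE_HBA):
        flag = "REVIEW" if meaning == "ident-over-tcp" else "ok"
        print(f"line {line_no}: {conn_type:8} ident -> {meaning} [{flag}]")
```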