On Thu, 07 Sep 2006 18:36:32 -0700, Paul Rubin wrote: > Reid Priedhorsky <[EMAIL PROTECTED]> writes: >> > Wouldn't they need a database password? >> >> Well, right now, no. I have Postgres configured to trust the OS on who is >> who. > > You trust the OS on the client machine, but not the client machine's > users? Does it run identd? Maybe you could use that. I'd consider > this shaky for any real security application, but it might be better > than nothing depending on what you're doing.
Hi Paul, Thanks for your help. No -- I suppose I wasn't clear. There are two machines involved: A) Database server. Run by me. I trust the OS on who is who, and there is only one user (me). So database clients run on this box don't require a password. B) Work machine. Run by others, many users. I'd like to also run my database client (Python) here. SSH tunnel is unsatisfactory because other folks can slip down the tunnel after I set it up and then connect to the DB as me. Having the DB on (A) listen to the Internet as well as localhost for connections is also unsatisfactory, because I don't want to set up database passwords. What I'd like is functionality similar to what Subversion does with "svn+ssh://" URLs: an SSH tunnel that accepts only one connection and doesn't have race conditions. Thanks again, Reid -- http://mail.python.org/mailman/listinfo/python-list
