Re: [HACKERS] Disabling trust/ident authentication configure option

2015-05-21 Thread Volker Aßmann
On Wed, May 20, 2015 at 5:21 PM, Robert Haas wrote: > > Please don't be discouraged here. Contributing to the PostgreSQL > community can be frustrating when you don't get what you want, and > even though I have been a member of this community for about 7 years > now and am a major contributor an

Re: [HACKERS] Disabling trust/ident authentication configure option

2015-05-20 Thread Volker Aßmann
On Tue, May 19, 2015 at 1:53 AM, Robert Haas wrote: > On May 18, 2015, at 3:32 PM, Volker Aßmann > wrote: > > I know these measures won't protect against an experienced attacker who > gains root access, but hope it slows them down sufficiently so the admins > may have

Re: [HACKERS] Disabling trust/ident authentication configure option

2015-05-18 Thread Volker Aßmann
On Mon, May 18, 2015 at 5:58 AM, Josh Berkus wrote: > Let's say we offered a compile-time option, and then someone built a > package postgresql-9.6-secureauth.deb. So, your lazy admin is having > trouble debugging an auth problem and wants to set "trust". But they > can't. So they search on G

Re: [HACKERS] Disabling trust/ident authentication configure option

2015-05-15 Thread Volker Aßmann
13, 2015 at 8:01 AM, Volker Aßmann > wrote: > > Even in this case it still means that any breach in any of the network > > services running on your application server would immediately own your > > database, or at least everything your application can access. This > appli

Re: [HACKERS] Disabling trust/ident authentication configure option

2015-05-13 Thread Volker Aßmann
On Mon, May 11, 2015 at 10:00 PM, Robert Haas wrote: > On Thu, May 7, 2015 at 4:57 PM, Stephen Frost wrote: > > * Robert Haas (robertmh...@gmail.com) wrote: > >> On Thu, May 7, 2015 at 11:02 AM, Stephen Frost > wrote: > >> > I realize it's not going to be popular, but I'd love to have 'trust' >

Re: [HACKERS] Disabling trust/ident authentication configure option

2015-05-07 Thread Volker Aßmann
On Wed, May 6, 2015 at 4:47 PM, Alvaro Herrera wrote: > Robert Haas wrote: > > > I frankly find that a bit difficult to swallow. You think that > > everyone knows that bad passwords are a problem, but some people might > > not realize that an authentication method called "trust" might not be > >

Re: [HACKERS] Disabling trust/ident authentication configure option

2015-05-06 Thread Volker Aßmann
On Tue, May 5, 2015 at 10:39 PM, Robert Haas wrote: > On Tue, May 5, 2015 at 8:05 AM, Volker Aßmann > wrote: > > Changing the password to something simple is immediately obvious as a > > security flaw for most people who may come across database > configurations, > >

Re: [HACKERS] Disabling trust/ident authentication configure option

2015-05-05 Thread Volker Aßmann
t does not change the default behavior but implement a simple way to comply with security policies and actually increase security for some specific use cases. BR, Volker Aßmann On Thu, Apr 30, 2015 at 2:00 PM, Robert Haas wrote: > On Thu, Apr 16, 2015 at 9:55 AM, Bernd Helmle > wrote: