
Re: Bug#95818: libpgsql2.1: should not depend on ident-server

Robert Bihlmeyer wrote:
  >Package: libpgsql2.1
  >Version: 7.1release-2
  >Severity: normal
  >identds are considered mild privacy/security risks, therefore I don't
  >think libpgsql2.1 and postgresql-client[1] should depend on
  >The main use seems to be to allow local connections without further
  >authentication. A noble goal that should be reached via local
  >transport instead.
  >Maybe there's more reasoning why this dependency is necessary. In this
  >case, please put it in the documentation.

It is indeed the case that ident is needed to allow local access without
a password.  I understand that this presents a small security risk on the
server.  However, without it, it is necessary for the postgres
administrator's database password to be held in clear in some file, so that
the automatic clean-up processes will be able to operate.

It seems to me that the obvious security risks of the latter process
outweigh the minor risks of having ident available.  However, it is only
strictly necessary for the server to have ident available, so I propose to
move the dependency from libpgsql2.1 (and postgresql-client) to postgresql

In case anyone should ask why the server cannot authenticate directly,
communication between front- and back-ends is done through a Unix socket
and therefore it is not possible for the back-end to know the identity
of the user at the front-end.  The only options for Unix socket access
are password-protection or trust (that is, a completely open database).

Oliver Elphick                                Oliver.Elphick@lfix.co.uk
Isle of Wight                              http://www.lfix.co.uk/oliver
PGP: 1024R/32B8FAA1: 97 EA 1D 47 72 3F 28 47  6B 7E 39 CC 56 E4 C1 47
GPG: 1024D/3E1D0C1C: CA12 09E0 E8D5 8870 5839  932A 614D 4C34 3E1D 0C1C
     "For whosoever will save his life shall lose it. But 
      whosoever will lose his life for my sake, the same 
      shall save it."          Luke 9:24 
