hey martin, On Fri, Jun 17, 2005 at 09:22:55AM +0200, Martin Pitt wrote: > However, I see that nowadays the "ident" default does not really make > sense for "host" connections, i. e. through the TCP port. As soon as > the new 8.0 version makes its way through NEW, I'll upload new > versions of 7.4 and 8.0 to change the default to "password". that seems fairly reasonable. > However, that is unrelated to the requirements of web applications, > since they require a special entry anyway and cannot rely on fallback > defaults. A web application will most probably access the database > through TCP and not through the local socket, so there should be a > line like > > host yourwebappdb yourwebappuser 127.0.0.1 255.255.255.255 password > > depending on whether you want to allow remote access by default, the > IP mask has to be changed, of course. Also you might prefer md5 > authentication. what about by default allowing all localhost-based connections with password, but not network based ones? i think it's a fair compromise of security vs. usability. > An idea already came up earlier on d-devel. What about a new tool in > postgresql-common that adds or removes a specific web application > entry to the authentication system? It could look like > > pg_add_app --cluster 8.0/main --auth password --ip 127.0.0.1/32 yourwebappdb yourwebappuser > pg_remove_app --cluster 8.0/main yourwebappdb yourwebappuser that sounds pretty reasonable, though i agree that we should spend some time talking about the interface to this as well as how it would work under the hood. i'd be happy to provide support for using such a tool in dbconfig-common as well, where it could be accompanied by some debconf templates and script logic to keep things clean and in line with policy (prompting the admin first, etc). sean --
Attachment:
signature.asc
Description: Digital signature