Return-Path: pg_adm@postgres.berkeley.edu
Received: by postgres.Berkeley.EDU (5.61/1.29)
	id AA17400; Wed, 6 May 92 09:25:40 -0700
Message-Id: <9205061625.AA17400@postgres.Berkeley.EDU>
From: mao@olympus.cs.berkeley.edu (Mike Olson)
Subject: Re: Using Postgres from Unix and security
To: postgres@postgres.berkeley.edu
Sender: pg_adm@postgres.berkeley.edu
In-Reply-To: Your message of Wed, 06 May 92 18:17:07 +0100.
             <9205061617.AA17350@postgres.Berkeley.EDU> 
Date: Wed, 06 May 92 09:28:48 PDT

In message <9205061617.AA17350@postgres.Berkeley.EDU> you write:

> I think that you have only looked at half of what I have done.  You,
> or somebody on one of the machines in my subnet, _cannot_
> talk to my postmaster because it only accepts connections coming in a
> priviliged tcp port (ie a port number less than 1024).

you're right, i wasn't thinking.

since kerberos supports authentication without resorting to super-user
privileges, we'll take that approach for the officially supported release.
however, your fixes do what you claim they do -- you can't crack the
database system without cracking root somewhere on your subnet.

					mike