Return-Path: pg_adm@postgres.berkeley.edu
Received: by postgres.Berkeley.EDU (5.61/1.29)
	id AA21720; Wed, 6 May 92 13:47:48 -0700
Date: Wed, 6 May 92 13:47:48 -0700
Message-Id: <9205062047.AA21720@postgres.Berkeley.EDU>
From: djones%super@uunet.UU.NET
Subject: Re: Using Postgres from Unix and security
To: postgres@postgres.berkeley.edu
Sender: pg_adm@postgres.berkeley.edu

Just to add my 2 cents to the debate - my MSDOS port of libpq currently
sends a username specified in the MSDOS environment and selects the
port and host based on two other environment variables.  Hence, this
subverts the proposed fix if you have PC's on your subnet since there is
no real concept of a protected port number when programming a PC.  You
can decide not to allow protected port connection from any PC, but then
you lose use of a number of programs that are the reason why you are
running TCP/IP networking with PC's in the first place.

PC's are very insecure beasts - any protocol that doesn't require *at least*
a password or key stored on a protected server to be known can be
subverted by anyone with a PC and some smarts anywhere on your subnet.

Your solution solves the "pure" case of unix machines, but how many of
us have the luxury of PCless environments?  I'm not overwhelmingly supportive
of using Kerberos, but it is certainly better than the current no protection
case.

	Dan Jones