Return-Path: owner-postman 
Delivery-Date: Tue, 03 May 94 19:18:34 -0700
Return-Path: owner-postman
Received: from localhost (localhost [127.0.0.1]) by nobozo.CS.Berkeley.EDU (8.6.4/8.6.3) with SMTP id QAA10069 for postgres-redist; Tue, 3 May 1994 16:58:33 -0700
Resent-From: POSTGRES mailing list <postman@postgres.Berkeley.EDU>
Resent-Message-Id: <199405032358.QAA10069@nobozo.CS.Berkeley.EDU>
Sender: owner-postman@postgres.Berkeley.EDU
X-Return-Path: owner-postman
Received: from faerie.CS.Berkeley.EDU (faerie.CS.Berkeley.EDU [128.32.149.14]) by nobozo.CS.Berkeley.EDU (8.6.4/8.6.3) with ESMTP id QAA10059 for <postgres@postgres.Berkeley.EDU>; Tue, 3 May 1994 16:58:31 -0700
Received: from localhost (localhost [127.0.0.1]) by faerie.CS.Berkeley.EDU (8.6.4/8.1B) with SMTP id QAA18961; Tue, 3 May 1994 16:58:12 -0700
Message-Id: <199405032358.QAA18961@faerie.CS.Berkeley.EDU>
X-Authentication-Warning: faerie.CS.Berkeley.EDU: Host localhost didn't use HELO protocol
From: aoki@postgres.Berkeley.EDU (Paul M. Aoki)
To: egan@cbs.cis.com (Egan F. Ford)
Cc: postgres@postgres.Berkeley.EDU (Postgres Mailing List)
Subject: Re: new to postgres 
Reply-To: aoki@postgres.Berkeley.EDU (Paul M. Aoki)
In-reply-to: Your message of Tue, 3 May 94 15:05:50 MDT 
	     <9405032105.AA19996@cbs.cis.com> 
Date: Tue, 03 May 94 16:58:12 -0700
X-Sender: aoki@postgres.Berkeley.EDU
Resent-To: postgres-redist@postgres.Berkeley.EDU
X-Mts: smtp
Resent-Date: Tue, 03 May 94 16:58:32 -0700
Resent-XMts: smtp

egan@cbs.cis.com (Egan F. Ford) writes:
> I've just installed postgres 4.2 on my linux box, it works great.  However I
> have data that my be secure.  Can anyone on the internet with a postgres
> client (e.g. monitor) access my database through post 4321?

correct.  this is documented in various places in the reference and
user manuals; if you want network authentication we do provide code 
to support either kerberos v4 or v5beta2 (it has not been tested with
v5beta3).

you can always do the reserved port thing.  this gives you as much
protection as rlogin/rsh, which is to say, very little (since any
moron can be superuser on their own machine).

it would not be rocket science to hack in a password scheme but in 
this new, unfriendly era of widespread network sniffing, password 
schemes are questionable security at best.

general note:
i know i'm behind on message traffic.  sorry.  things are in sort of
tizzy at berkeley right now.
--
  Paul M. Aoki  |  CS Div., Dept. of EECS, UCB  |  aoki@postgres.Berkeley.EDU
                |  Berkeley, CA 94720           |  ...!uunet!ucbvax!aoki

===============================================================================
    To add/remove yourself from the POSTGRES mailing list: send mail with 
    the subject line ADD or DEL to "postgres-request@postgres.Berkeley.EDU"

    If this fails, send mail to "post_questions@postgres.Berkeley.EDU" and
    a human will deal with it.  DO NOT post to the "postgres" mailing list.
===============================================================================