agora inbox for postgres@postgres.berkeley.edu

user authentification

* user authentification @ 1994-05-11 20:29 UTC
From: Kai Petzke <wpp@marie.physik.tu-berlin.de>
To: linux-postgres@native-ed.bc.ca

Hi,

I am looking for a small project with which to start hacking postgres. I do not want to do the big "C++"-ifying and "Web"bing thing before they have released the final version. My suggestions are:

- Modify the copy in/out routines to adapt them to a variety of input or output file formats. The current implementation takes about 800 lines in one source file: ~/src/backend/commands/copy.c

- Add medium security authentication to postgres. Currently, you have no security (everybody can connect to port 4321 while a postmaster is running), or good security, when you link in Kerberos. Kerberos needs an independent ticket server, which should run on a physically safe computer that has no other stuff running. Installing Kerberos requires you to change the login software.

  I want something in between, which provides both good safety and is easy to install. How about doing the same thing that Oracle does: an extra login when connecting to the database?

  The problem: Packet Sniffer. While transferring the password, anybody can listen. So all data transferred during authentication should be encrypted. I came up with a strange scheme for how this could be done. I have written a post to sci.crypt about it.

Kai

* Re: user authentification @ 1994-05-12 11:01 UTC
From: aronsson@lysator.liu.se
To: linux-postgres@native-ed.bc.ca

Kai wrote:
>- Add medium security authentification to postgres. Currently,

Sounds like a good idea.

> I want something in between, which provides both good safety
> and is easy to install. How about doing the same thing, that

Informix OnLine (5.0) with Star/Net additions for client-server applications also uses a TCP port. The call that establishes the client-server connection must provide a user login and password. These are the same as used by the UNIX system where the server runs. The database server should do getpwent() and crypt() as appropriate.

The security level is equivalent to that of network login (telnet). This means passwords are transported over the network. Users with higher demands on security should look for more advanced solutions.

In Informix OnLine, any UNIX user can create a new database and be its administrator, granting rights for tables or views to specific users.

I have seen other client-server systems that try to maintain their own list of user identities and passwords. My experience is that it gets too hard for each user to keep two passwords updated. I assume all database users would have user accounts on the server host.

It seems I will spend the summer implementing parts of SQL3 for AMOS, which is our research prototype object-relational database system at EDSLAB, the Dept of CS, Linkoping University. See WWW for more info: http://www.lysator.liu.se:7500/dbms/Main.html

Lars Aronsson.