On Tue, Feb 5, 2013 at 12:07 PM, Shaun Thomas <sthomas@xxxxxxxxxxxxxxxx> wrote: > On 02/05/2013 12:44 PM, Scott Marlowe wrote: > >> Stop. If you want secure setups you don't hand out root access to >> lots of people. Trying to then make it secure is like closing the >> barn door after the horse has left. > > > I guess you missed the part where I said I thought we should lock root down > better. I can certainly influence that policy, but I can't enforce it. But > there's also this addendum I added: I don't miss much. I didn't miss that. You specifically said: "I agree that we should probably have our root access much more locked down than it is, but it's still a valid problem." Probably? Definitely. "I don't think I'd even want a restricted set of root users able to see my LDAP password in plain text." Why are you using LDAP and passing passwords for access to insecure systems? If you're passing PASSWORDS to an insecure system then you have a real problem. At least move to a token based system like kerberos where a lost token represents a short period of someone having the same access as you but not getting your password. Or just run your pg databases in trust or some simple md5 and use a different password. If you can't trust the machines on the other end, no amount of password mangling is going to help hide the passwords. You have to move to some other form of authentication or use passwords you don't care about. -- Sent via pgsql-general mailing list (pgsql-general@xxxxxxxxxxxxxx) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-general