On 8/18/2014 5:45 PM, Ken Tanzer wrote:
I used to have my db and linux usernames match, until this issue came along: http://www.postgresql.org/support/security/faq/2013-04-04/. It specifically mentions potentially increased vulnerability if the names match. So when I set up a new server I had them not match. I know this particular issue is fixed. But are there other ways that having the names match could potentially increase vulnerability (even if not known or identified yet), or am I pointlessly "fighting the last war" by keeping the names different?
afaik that exploit only applies when the user is coming in over tcp/ip -- john r pierce 37N 122W somewhere on the middle of the left coast -- Sent via pgsql-general mailing list (pgsql-general@xxxxxxxxxxxxxx) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-general
