Secure Postgres access

Paul Rubin http
Fri Sep 8 04:08:26 CEST 2006


Paul Rubin <http://phr.cx@NOSPAM.invalid> writes:
> You'd use SCM_CREDENTIALS to
> authenticate the user ID, then send the Postgres client's originating
> TCP port number over the Unix socket, and that would tell the SSH
> client that it could then start forwarding the TCP packets.  Yucch,
> this is messy.  Maybe something like it exists already somewhere.

Actually maybe this can still be spoofed, e.g. perhaps someone can
jump into someone else's existing TCP connection on the local machine
through the TAP interface.  It might be ok, but you or some TCP wizard
better first think about it carefully.  I'm not expert enough about
socket programming to know.  You'd think there's a solution.



More information about the Python-list mailing list