Alvaro Herrera <alvherre(at)commandprompt(dot)com> writes:
> Excerpts from Bruce Momjian's message of vie feb 24 19:19:10 -0300 2012:
>> In looking over our authentication code, I noticed that we create the
>> child process before we check any of the pg_hba.conf file. Now, I
>> realize we can't do authentication in the postmaster because of possible
>> delay, and checking the user name and database name filters is just work
>> that is better done in the child, but checking the IP address might
>> prevent unauthorized clients from causing excessive process creation on
>> the server. I know we have listen_addresses, but that defaults to "*"
>> on the click-through installers, and not everybody knows how to set up a
> Hm, one thing to keep in mind is that we allow hostnames there. It'd be
> a pain to have postmaster hang while resolving names.
Yes. This cure would be a lot worse than the disease. Bruce ought to
remember that we intentionally moved all that logic *out* of the
postmaster process, years ago, precisely because it was too hard to
ensure that the postmaster wouldn't block and thus create DOS conditions
of another sort.
regards, tom lane
In response to
pgsql-hackers by date
|Next:||From: John R Pierce||Date: 2012-02-24 23:58:35|
|Subject: Re: Behavior of subselects in target lists and order by|
|Previous:||From: Peter van Hardenberg||Date: 2012-02-24 23:44:18|
|Subject: Re: psql \i tab completion initialization problem on HEAD|