Re: pg_hba.conf: samehost and samenet [REVIEW]

From: Andrew Dunstan <andrew(at)dunslane(dot)net>
To: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
Cc: stef(at)memberwebs(dot)com, Robert Haas <robertmhaas(at)gmail(dot)com>, Magnus Hagander <magnus(at)hagander(dot)net>, Abhijit Menon-Sen <ams(at)toroid(dot)org>, pgsql-hackers <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: pg_hba.conf: samehost and samenet [REVIEW]
Date: 2009-09-23 21:37:01
Message-ID: 4ABA94FD.9030202@dunslane.net
Lists: pgsql-hackers

Tom Lane wrote:
> In this case what particularly scares me is the idea that 'samenet'
> might be interpreted to let in a larger subnet than the user expected,
> eg 10/8 instead of 10.0.0/24. You'd likely not notice the problem until
> after you'd been broken into ...
>
>

I haven't looked at this "feature" at all, but I'd be inclined, on the
grounds you quite reasonably cite, to require a netmask with "samenet",
rather than just ask the interface for its netmask.

cheers

andrew
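
Added example, not part of the original message or of PostgreSQL's code: a Python sketch of the concern quoted above, deriving the networks a `samenet` rule would admit from interface netmasks and comparing them with what the administrator meant to trust. The interface list, the intended CIDRs and all function names are constructed assumptions.

```python
import ipaddress

# Constructed sample: (name, address, netmask) as the OS might report them.
# The admin believes eth0 sits on 10.0.0.0/24, but it is configured with a /8 mask.
INTERFACES = [
    ("eth0", "10.0.0.5", "255.0.0.0"),
    ("eth1", "192.168.1.10", "255.255.255.0"),
]

def samenet_networks(interfaces):
    """Networks admitted when the rule trusts each interface's own netmask."""
    return [ipaddress.ip_interface(f"{addr}/{mask}").network
            for _name, addr, mask in interfaces]

def admits(client, interfaces):
    """True if a client address falls inside any interface-derived network."""
    ip = ipaddress.ip_address(client)
    return any(ip in net for net in samenet_networks(interfaces))

def audit_samenet(interfaces, intended_cidrs):
    """Return (network, extra_addresses) for each derived network that is
    wider than anything the administrator listed as intended.
    Assumes the intended CIDRs do not overlap each other."""
    intended = [ipaddress.ip_network(c) for c in intended_cidrs]
    findings = []
    for net in samenet_networks(interfaces):
        same_family = [i for i in intended if i.version == net.version]
        if any(net.subnet_of(i) for i in same_family):
            continue  # derived network is no wider than an intended one
        covered = sum(i.num_addresses for i in same_family if i.subnet_of(net))
        findings.append((str(net), net.num_addresses - covered))
    return findings

if __name__ == "__main__":
    intended = ["10.0.0.0/24", "192.168.1.0/24"]
    for net, extra in audit_samenet(INTERFACES, intended):
        print(f"{net} admits {extra} addresses beyond the intended ranges")
    print("10.200.3.4 admitted:", admits("10.200.3.4", INTERFACES))
```
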
