Re: Use "samehost" by default in pg_hba.conf?

From: Stef Walter <stef-list(at)memberwebs(dot)com>
To: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
Cc: pgsql-hackers(at)postgreSQL(dot)org
Subject: Re: Use "samehost" by default in pg_hba.conf?
Date: 2009-10-01 13:47:31
Message-ID: 4AC4B2F3.2010007@memberwebs.com
Lists: pgsql-hackers

Tom Lane wrote:
> Now that the samehost/samenet patch is in, I wonder if it wouldn't be
> a good idea to replace this part of the default pg_hba.conf file:

You're probably not suggesting this, but I would be against a default
setting of 'samehost' used with 'trust'.

Essentially that would be the same as rlogin/rsh, where if the user can
spoof a TCP connection, he can connect to PostgreSQL. Depending on the
platform, an interface may have to be down for this to work.

Cheers,

Stef
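
An added example, not part of the message above or of the PostgreSQL source: a small Python check that lists pg_hba.conf records combining a TCP/IP connection type with the 'trust' method, which is the combination the message objects to. The sample file contents and the function names are constructed for illustration, and quoted fields containing '#' are assumed not to occur.

```python
import ipaddress

HOST_TYPES = {"host", "hostssl", "hostnossl"}

# Constructed sample, not taken from the thread or the PostgreSQL distribution.
SAMPLE = """\
# TYPE  DATABASE  USER  ADDRESS        METHOD
local   all       all                  trust
host    all       all   samehost       trust
host    all       all   samenet        md5
host    all       all   127.0.0.1 255.255.255.255 trust
hostssl all       all   192.168.0.0/24 md5
"""

def _is_bare_ip(token):
    """True if token is an IP address with no /prefix (a netmask field follows)."""
    try:
        ipaddress.ip_address(token)
        return True
    except ValueError:
        return False

def parse_line(line):
    """Return (type, address, method) for a TCP/IP record, else None."""
    fields = line.split("#", 1)[0].split()
    if len(fields) < 5 or fields[0] not in HOST_TYPES:
        return None
    address = fields[3]
    # Old-style records give the netmask as a separate field before the method.
    idx = 5 if _is_bare_ip(address) else 4
    if len(fields) <= idx:
        return None
    return fields[0], address, fields[idx]

def find_trust_over_tcp(text):
    """List (line_no, address) for every TCP/IP record that uses 'trust'."""
    hits = []
    for no, line in enumerate(text.splitlines(), 1):
        rec = parse_line(line)
        if rec and rec[2] == "trust":
            hits.append((no, rec[1]))
    return hits

if __name__ == "__main__":
    for no, addr in find_trust_over_tcp(SAMPLE):
        print(f"line {no}: trust on TCP/IP address {addr!r}")
```

Records of type local are skipped on purpose, since they do not accept TCP connections.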
