Tom Lane wrote:
> Now that the samehost/samenet patch is in, I wonder if it wouldn't be
> a good idea to replace this part of the default pg_hba.conf file:
You're probably not suggesting this, but I would be against a default
setting of 'samehost' used with 'trust'.
Essentially that would be the same as rlogin rsh, where if the user can
spoof a TCP connection, he can connect to postgresql. Depending on the
platform, an interface may have to be down for this to work.
Cheers,
Stef