Re: Use "samehost" by default in pg_hba.conf?

From: Stef Walter <stef-list(at)memberwebs(dot)com>
To: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
Cc: Peter Eisentraut <peter_e(at)gmx(dot)net>, pgsql-hackers(at)postgreSQL(dot)org
Subject: Re: Use "samehost" by default in pg_hba.conf?
Date: 2009-10-01 13:50:06
Message-ID: 4AC4B38E.3090902@memberwebs.com
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-hackers

Tom Lane wrote:
> Having looked at the code, I think that samehost is pretty safe. I'm
> still worried about samenet picking up a bogusly broad netmask --- but
> samehost hard-wires the netmask at all-ones. Even if your network
> configuration is really screwed up, the kernel isn't going to send that
> traffic off-machine. So I think it will act as advertised.

But will it accept traffic from off machine? If so, then essentially the
only line of defense is the security of the TCP stack. Or am I missing
something?

Cheers,

Stef

In response to

Browse pgsql-hackers by date

  From Date Subject
Next Message Magnus Hagander 2009-10-01 13:54:37 Re: Rejecting weak passwords
Previous Message Stef Walter 2009-10-01 13:47:31 Re: Use "samehost" by default in pg_hba.conf?