| From: | Robert Haas <robertmhaas(at)gmail(dot)com> |
|---|---|
| To: | stef(at)memberwebs(dot)com |
| Cc: | Magnus Hagander <magnus(at)hagander(dot)net>, Abhijit Menon-Sen <ams(at)toroid(dot)org>, pgsql-hackers <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: pg_hba.conf: samehost and samenet [REVIEW] |
| Date: | 2009-09-23 18:30:34 |
| Message-ID: | 603c8f070909231130i557c41fet53114cb22f69331c@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On Wed, Sep 23, 2009 at 12:41 PM, Stef Walter <stef-list(at)memberwebs(dot)com> wrote:
> Currently people are adding 0.0.0.0 to a default pg_hba.conf file in
> order to allow access from nearby machines, without running into the
> maintenance problems of hard coding IP addresses. However using 0.0.0.0
> is clearly suboptimal from a security perspective.
If people aren't willing to take the time (5 minutes?) to create an
hba.conf file that implements a reasonable security policy, I'm not
sure anything we can do - and certainly not this - is going to help
very much. I haven't really looked at this patch, but how confident
are we that this is actually portable? It would be a shame to spend a
lot of time and energy troubleshooting portability problems with a
feature that - IMO - has a fairly marginal use case to begin with.
...Robert
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Hans-Juergen Schoenig -- PostgreSQL | 2009-09-23 18:53:54 | Re: SELECT ... FOR UPDATE [WAIT integer | NOWAIT] for 8.5 |
| Previous Message | David E. Wheeler | 2009-09-23 18:29:17 | Re: Unicode Normalization |