Re: pg_hba.conf: samehost and samenet [REVIEW]

From: Robert Haas <robertmhaas(at)gmail(dot)com>
To: stef(at)memberwebs(dot)com
Cc: Magnus Hagander <magnus(at)hagander(dot)net>, Abhijit Menon-Sen <ams(at)toroid(dot)org>, pgsql-hackers <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: pg_hba.conf: samehost and samenet [REVIEW]
Date: 2009-09-23 21:12:05
Message-ID: 603c8f070909231412m374632feuc8281c8bc3d3ff64@mail.gmail.com
Lists: pgsql-hackers

On Wed, Sep 23, 2009 at 3:53 PM, Stef Walter <stef-list(at)memberwebs(dot)com> wrote:
> Robert Haas wrote:
>> On Wed, Sep 23, 2009 at 12:41 PM, Stef Walter <stef-list(at)memberwebs(dot)com> wrote:
>>> Currently people are adding 0.0.0.0 to a default pg_hba.conf file in
>>> order to allow access from nearby machines, without running into the
>>> maintenance problems of hard coding IP addresses. However using 0.0.0.0
>>> is clearly suboptimal from a security perspective.
>>
>> If people aren't willing to take the time (5 minutes?) to create an
>> hba.conf file that implements a reasonable security policy, I'm not
>> sure anything we can do - and certainly not this - is going to help
>> very much.  I haven't really looked at this patch, but how confident
>> are we that this is actually portable?  It would be a shame to spend a
>> lot of time and energy troubleshooting portability problems with a
>> feature that - IMO - has a fairly marginal use case to begin with.
>
> Obviously this isn't an authentication method. If you're using
> 'trust' authentication with anything but unix sockets you're pretty
> screwed anyway. This is used in conjunction with an authentication method.
>
> The core problem is with renumbering. Due to IPv4 addresses becoming
> more and more scarce, ISPs are regularly foisting renumbering on their
> customers. For example, it's in all the new contracts.
>
> Often renumbering takes place on networks where the original developers
> are long gone.
>
> Postgresql has always been very fragile when renumbering due to hard
> coded IP addresses in the pg_hba.conf file. This patch solves that
> problem for most of the cases, where hosts nearby on the network can
> talk to postgresql hosts without putting fragile rules into pg_hba.conf.
>
> Allowing host names in pg_hba.conf would also solve this problem,
> although when the last person tried to implement this it was a topic of
> contention. I asked if I should focus on reverse DNS host names in
> pg_hba.conf or portability for this samenet patch, and it was indicated
> that I should do the latter.
>
> If there is clear direction within the community to work on DNS based
> stuff in pg_hba.conf I'd be willing to contribute effort there.

Personally, I can't imagine using any of these for anything that I
cared very much about. IP renumberings are a pain, but I'd rather
take a little extra time to make sure it gets done right. I have
other things that would need to be fixed too, besides PostgreSQL: for
example, IP tables rules.

That having been said, I don't think it's my place to harangue someone
else about their feature because it doesn't fit my use case. But if
it's going to make PostgreSQL not compile/not work the same way on
platforms that we otherwise support, then I think it's a bad idea.
Otherwise I have no objection.

...Robert
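
An added example, not part of the thread or the patch: it audits a constructed pg_hba.conf for host rules that admit every client address, and models the `samehost`/`samenet` keywords discussed above as matching the server's own addresses and its directly attached subnets. The sample file, the interface list and all function names are assumptions made for illustration.

```python
import ipaddress

# Constructed sample pg_hba.conf (not taken from the thread).
SAMPLE_HBA = """\
# TYPE  DATABASE  USER  ADDRESS          METHOD
local   all       all                    peer
host    all       all   0.0.0.0/0        md5
host    all       all   0.0.0.0 0.0.0.0  trust
host    app       app   samenet          md5
host    app       app   192.0.2.0/24     md5
"""
# Constructed stand-in for the addresses the server would find on its interfaces.
SERVER_IFACES = [ipaddress.ip_interface("192.0.2.10/24"),
                 ipaddress.ip_interface("127.0.0.1/8")]
HOST_TYPES = {"host", "hostssl", "hostnossl"}

def _is_ip(s):
    try:
        ipaddress.ip_address(s)
        return True
    except ValueError:
        return False

def parse_hba(text):
    """Yield (line number, address, auth method) for each host-type rule."""
    for n, line in enumerate(text.splitlines(), 1):
        f = line.split("#", 1)[0].split()
        if len(f) < 5 or f[0] not in HOST_TYPES:
            continue
        if len(f) >= 6 and _is_ip(f[3]) and _is_ip(f[4]):  # address + netmask columns
            yield n, f"{f[3]}/{f[4]}", f[5]
        else:
            yield n, f[3], f[4]

def rule_scope(addr, ifaces=SERVER_IFACES):
    """Networks a rule admits; None means every address. Hostnames are not handled."""
    if addr == "all":
        return None
    if addr == "samehost":   # assumption: only the server's own addresses
        return [ipaddress.ip_network(str(i.ip)) for i in ifaces]
    if addr == "samenet":    # assumption: subnets the server is directly attached to
        return [i.network for i in ifaces]
    return [ipaddress.ip_network(addr, strict=False)]

def admits(addr, client):
    nets = rule_scope(addr)
    return nets is None or any(ipaddress.ip_address(client) in n for n in nets)

def audit(text):  # host rules that admit any client address at all
    return [(n, a, m) for n, a, m in parse_hba(text)
            if (s := rule_scope(a)) is None or any(net.prefixlen == 0 for net in s)]
```

In either form the address column only selects which rule applies; the auth method on the matching line still decides whether the client gets in, which is why the flagged `trust` line is the more serious finding.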
