Re: Use "samehost" by default in pg_hba.conf?

From: Robert Haas <robertmhaas(at)gmail(dot)com>
To: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
Cc: stef(at)memberwebs(dot)com, pgsql-hackers(at)postgresql(dot)org
Subject: Re: Use "samehost" by default in pg_hba.conf?
Date: 2009-10-01 15:47:28
Message-ID: 603c8f070910010847s7941c920y21e00a021f03cdcc@mail.gmail.com
Lists: pgsql-hackers

On Thu, Oct 1, 2009 at 11:35 AM, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> wrote:
> Stef Walter <stef-list(at)memberwebs(dot)com> writes:
>> Tom Lane wrote:
>>> Now that the samehost/samenet patch is in, I wonder if it wouldn't be
>>> a good idea to replace this part of the default pg_hba.conf file:
>
>> You're probably not suggesting this, but I would be against a default
>> setting of 'samehost' used with 'trust'.
>
>> Essentially that would be the same as rlogin rsh, where if the user can
>> spoof a TCP connection, he can connect to postgresql. Depending on the
>> platform, an interface may have to be down for this to work.
>
> Is there any actual risk here that we aren't taking already just by
> allowing 127.0.0.1?

I wouldn't bet that there isn't. I don't really think there's any
need for our default configuration to be at the mercy of every half-
baked TCP/IP implementation out there. A socket file in /tmp can't be
remotely hacked (well, not directly anyway); anything else is further
from a sure thing.

...Robert
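
An audit for the distinction drawn in this message, added here as an illustration and not part of the thread or of PostgreSQL: it lists the pg_hba.conf rules that grant "trust" over TCP (loopback, samehost, or anything else) and leaves Unix-socket "local" rules alone. The sample file is constructed, and the names parse_rule and tcp_trust_rules are hypothetical.

```python
import ipaddress

TCP_TYPES = {"host", "hostssl", "hostnossl"}

# Constructed sample, not the pg_hba.conf shipped by any PostgreSQL release.
SAMPLE = """\
# TYPE  DATABASE  USER  ADDRESS        METHOD
local   all       all                  trust
host    all       all   127.0.0.1/32   trust
host    all       all   ::1/128        trust
host    all       all   samehost       trust
host    all       all   samenet        md5
host    all       all   192.168.0.10 255.255.255.255 trust
"""

def _is_bare_ip(field):
    """True for an address written without /CIDR, which must be followed by a mask."""
    try:
        ipaddress.ip_address(field)
        return True
    except ValueError:
        return False

def parse_rule(line):
    """Return (type, address, method), or None for blank and comment lines.
    Simplification: quoted fields and include directives are not handled."""
    fields = line.split("#", 1)[0].split()
    if not fields:
        return None
    if fields[0] == "local" and len(fields) >= 4:
        return "local", None, fields[3]          # local DATABASE USER METHOD
    if fields[0] in TCP_TYPES and len(fields) >= 5:
        address, rest = fields[3], fields[4:]    # host DATABASE USER ADDRESS [MASK] METHOD
        if _is_bare_ip(address) and len(rest) >= 2:
            address, rest = address + " " + rest[0], rest[1:]
        return fields[0], address, rest[0]
    raise ValueError("unrecognised pg_hba.conf line: " + line.strip())

def tcp_trust_rules(text):
    """Return (line number, address) for every rule that trusts a TCP connection."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        rule = parse_rule(line)
        if rule and rule[0] in TCP_TYPES and rule[2] == "trust":
            findings.append((lineno, rule[1]))
    return findings

if __name__ == "__main__":
    for lineno, address in tcp_trust_rules(SAMPLE):
        print(f"line {lineno}: trust over TCP for {address}")
```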
