Skip site navigation (1) Skip section navigation (2)

Re: BUG #5559: Full SSL verification fails when hostaddr provided

From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To: Stephen Frost <sfrost(at)snowman(dot)net>
Cc: Magnus Hagander <magnus(at)hagander(dot)net>, Christopher Head <chris2k01(at)hotmail(dot)com>, pgsql-bugs <pgsql-bugs(at)postgresql(dot)org>
Subject: Re: BUG #5559: Full SSL verification fails when hostaddr provided
Date: 2010-07-15 15:58:06
Message-ID: 6245.1279209486@sss.pgh.pa.us (view raw or flat)
Thread:
Lists: pgsql-bugs
Stephen Frost <sfrost(at)snowman(dot)net> writes:
> Reviewing what's currently on developer.postgresql.org, here's what I
> think the docs would read and what the associated code behavior should
> be (which I think it's pretty close to already, but perhaps not
> entirely..):

I think this is overcomplicated and probably wrong in detail.

I suggest that we document hostaddr as being an auxiliary field that is
not intended to be the primary source of the host name, but merely saves
libpq from having to do a forward DNS lookup.  In some cases it will
work to supply hostaddr without host, but in others it won't.  We should
also state that supplying it does not guarantee no DNS lookups occur,
because these external auth libraries will do one anyway.

			regards, tom lane

In response to

Responses

pgsql-bugs by date

Next:From: Stephen FrostDate: 2010-07-15 20:03:05
Subject: Re: BUG #5559: Full SSL verification fails when hostaddrprovided
Previous:From: Stephen FrostDate: 2010-07-15 12:59:11
Subject: Re: BUG #5559: Full SSL verification fails when hostaddrprovided

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group