Re: [HACKERS] Another crack at doing a Win32

From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To: Bruce Momjian <pgman(at)candle(dot)pha(dot)pa(dot)us>
Cc: Andrew Dunstan <andrew(at)dunslane(dot)net>,pgsql-hackers-win32(at)postgresql(dot)org
Subject: Re: [HACKERS] Another crack at doing a Win32
Date: 2004-03-05 16:58:50
Message-ID: 8464.1078505930@sss.pgh.pa.us
Lists: pgsql-hackers, pgsql-hackers-win32, pgsql-patches
> Andrew Dunstan wrote:
>> That seems to me to get as close as reasonably possible to the Unix 
>> behaviour. I don't think that always allowing localhost connections on 
>> Windows is a big security risk.

Is it a big security risk anywhere?  Perhaps there is a case to be made
that on all platforms, "-i" should enable or disable only nonlocal
connections.  Without -i we'd only allow binding to loopback ports
(either IP4 or IP6).

Aside from keeping the Windows and Unix behaviors similar, this would be
of some positive benefit for people who use TCP-only clients.  They'd
not have to remember to set -i anymore, unless they want remote access.

In response to Andrew's table, here's what I'm visualizing:

* No -i: bind only to loopback addresses (both IP4 and IP6 if available).
* With -i, but not virtual_host: bind to all available addresses.
* With -i and virtual_host: bind to specified address(es) only.

(Note this is orthogonal to pg_hba.conf checks; we are talking about
what socket addresses the postmaster listens on.)

I don't have a strong feeling about the case of virtual_host without -i.
The above says to ignore virtual_host, but maybe we should instead
ignore the lack of -i and do what virtual_host says.

			regards, tom lane
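
The following sketch is an added example, not part of the original message and not PostgreSQL code. It maps the three cases listed above onto `getaddrinfo()` semantics and classifies each resulting bind address by exposure. It assumes `virtual_host` holds a single numeric address; the names `plan_listen_addrs`, `exposure` and the `honor_vhost_without_i` switch (for the case the message leaves undecided) are hypothetical.

```python
import ipaddress
import socket

PORT = 5432  # PostgreSQL's default port; any port works for this sketch


def plan_listen_addrs(tcpip_enabled, virtual_host=None, honor_vhost_without_i=False):
    """Return the sorted set of IP addresses the policy would bind to.

    tcpip_enabled         -- True when "-i" was given
    virtual_host          -- numeric address from virtual_host, or None
    honor_vhost_without_i -- hypothetical switch for the undecided case
    """
    if virtual_host and (tcpip_enabled or honor_vhost_without_i):
        # Specified address only. AI_NUMERICHOST keeps the sketch offline.
        node, flags = virtual_host, socket.AI_NUMERICHOST
    elif tcpip_enabled:
        # NULL node + AI_PASSIVE yields the wildcard addresses (0.0.0.0, ::).
        node, flags = None, socket.AI_PASSIVE
    else:
        # NULL node without AI_PASSIVE yields loopback (127.0.0.1, ::1).
        node, flags = None, 0
    infos = socket.getaddrinfo(node, PORT, socket.AF_UNSPEC,
                               socket.SOCK_STREAM, 0, flags)
    return sorted({info[4][0] for info in infos})


def exposure(addr):
    """Classify one bind address by who can reach a listener on it."""
    ip = ipaddress.ip_address(addr.split("%")[0])  # drop any IPv6 scope id
    if ip.is_loopback:
        return "local-only"
    if ip.is_unspecified:
        return "all-interfaces"
    return "single-address"


if __name__ == "__main__":
    cases = [(False, None, False), (True, None, False),
             (True, "192.0.2.10", False),   # constructed sample address
             (False, "192.0.2.10", False), (False, "192.0.2.10", True)]
    for tcpip, vhost, honor in cases:
        addrs = plan_listen_addrs(tcpip, vhost, honor)
        print(tcpip, vhost, honor, [(a, exposure(a)) for a in addrs])
```

As the message notes, this only decides which socket addresses are listened on; pg_hba.conf checks still apply to every connection that arrives.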
