| From: | The Hermit Hacker <scrappy(at)hub(dot)org> |
|---|---|
| To: | Bruce Momjian <pgman(at)candle(dot)pha(dot)pa(dot)us> |
| Cc: | "John C(dot) Quillan" <john_quillan(at)datasoft(dot)com>, pgsql-patches(at)postgresql(dot)org |
| Subject: | Re: Patch to make postmaster bind to only to localhost. |
| Date: | 2000-09-12 16:10:22 |
| Message-ID: | Pine.BSF.4.21.0009121306030.1305-100000@thelab.hub.org |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-patches |
On Tue, 12 Sep 2000, Bruce Momjian wrote:
> > On Tue, 12 Sep 2000, Bruce Momjian wrote:
> >
> > > > On Tue, 12 Sep 2000, Bruce Momjian wrote:
> > > >
> > > > > The big question is why we can't just scan pg_hba.conf and bind only
> > > > > to those ip's. That way, we don't have to have a new flag. It will
> > > > > all happen by default.
> > > >
> > > > huh? pg_hba.conf references IPs on remote hosts ... won't you find i
> > > > tkinda difficult to bind to them? :)
> > >
> > > Well, we list the IP numbers we will accept connections from in
> > > pg_hba.conf. If only on IP address appears on the file, why not just
> > > bind to that one only?
> >
> > okay, unless my read of Steven's missed something, you cannot bind to *the
> > remote host* ... you can only bind to an IP on the local machine
> > ... pg_hba.conf lists *remote hosts*, not local ones ...
> >
> > Basically, binding means listening to a specific interface ... since the
> > remote host IP is not a local IP, you can't listen on that interface ...
>
> OK, but how then does -L work? Seems it only accept 127.0.0.1 connections.
it binds the postmaster process to the 127.0.0.1 (localhost) interface
that is on your computer ... so that if I try to connect 127.0.0.1 on that
machine, I'll get the postmaster, any other IP on that machine will get me
a 'connection refused, no such service' ...
Right now, with pg_hba.conf, everything is wide up as far as what
interface I can connect *to*, and after that connection, then it decides
if it wants to keep me or not based on my IP ...
actually, my first para isa bit wrong, since nobody but the *loocal*
machine can connect to 127.0.0.1, since, were you try try, for instance:
telnet 127.0.0.1 smtp
on your machine, you would connect to *your* smtp daemon ...
John's problem is that the software he's wanting to use on the local
machine requires him to start it up with -i, even though he's *on* the
local machine, so where he could normally use Unix-Domain Sockets, the app
can't use it, and he wishes to eliminate the knowledge of PostgreSQL
running on his machine to the outside world ...
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Bruce Momjian | 2000-09-12 16:14:37 | Re: Patch to make postmaster bind to only to localhost. |
| Previous Message | Bruce Momjian | 2000-09-12 16:02:51 | Re: Patch to make postmaster bind to only to localhost. |