| From: | Chris Jones <cjones(at)rightnowtech(dot)com> |
|---|---|
| To: | Ron Chmara <ron(at)opus1(dot)com> |
| Cc: | Postgres <pgsql-general(at)postgreSQL(dot)org> |
| Subject: | Re: [GENERAL] DHCP and pg_hba.conf |
| Date: | 2000-03-07 00:05:10 |
| Message-ID: | x6zosb63wp.fsf@reddwarf.rightnowtech.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
Ron Chmara <ron(at)opus1(dot)com> writes:
> running security off of names would be much slower, as each session had
> to waste time on name lookups rather than just mapping to the address.
Another note: Many programs which implement host-based ACLs seem to
just do a reverse lookup on the IP of the client. This is a very bad
idea (IMHO):
Let's say you're running a database that allows connections from
yourdomain.com, and I want to break in. If I control a nameserver
that's authoritative for my own IP address range, I can break in
simply by creating a PTR record for my machine which points to
"something.yourdomain.com."
The right way to implement host-based ACLs is to do a double lookup;
resolve the IP to a hostname, and then verify that the hostname
resolves back to the original IP.
With such a system in place in PostgreSQL, it might be more reasonable
to allow something like "%.accounting.mycompany.com" in an ACL.
Chris
--
---------------------------------------------------- cjones(at)rightnowtech(dot)com
Chris Jones
System Administrator, Right Now Technologies, Inc.
"Is this going to be a stand-up programming session, sir, or another bug hunt?"
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Ron Atkins | 2000-03-07 00:29:55 | Re: [GENERAL] DHCP and pg_hba.conf |
| Previous Message | Ron Chmara | 2000-03-06 23:21:07 | Re: [GENERAL] DHCP and pg_hba.conf |