From: | Bruce Momjian <pgman(at)candle(dot)pha(dot)pa(dot)us> |
---|---|
To: | Andrew Dunstan <andrew(at)dunslane(dot)net> |
Cc: | pgsql-hackers(at)postgresql(dot)org |
Subject: | Re: TCP/IP with 7.4 beta2 broken? |
Date: | 2003-09-03 18:16:06 |
Message-ID: | 200309031816.h83IG6q08452@candle.pha.pa.us |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-hackers |
Andrew Dunstan wrote:
> > This doesn't look consistent to me. Local addresses can be all
> > addresses that the host's interfaces are currently configured with,
> > loopback is nothing special in this sense. The admin can easily do
> > 'ifconfig' to see all addresses configured and enter them into
> > pg_hba.conf, because these addresses are obvious.
>
>
> We currently have this in the default pg_hba.conf file:
>
> host all all 127.0.0.1 255.255.255.255 trust
>
> The idea was to have something which would perform equivalently on IP4
> only, IP4 over IP6 and pure IP6 connections, without breaking the
> postmaster host in any of them.
>
> It is perfectly true that it could be mangled by the administrator -
> this would save him/her having to do so for the default case. In my
> proposal you would replace this default line with:
>
> loopback all all trust
>
> It's the fact that it is the default that makes it special. Does that
> make things clearer?
We have avoided doing dns lookups from pg_hba.conf, and hence the use of
127.0.0.1 instead of localhost. Now that we cache pg_hba.conf, we could
consider allowing hostnames in pg_hba.conf. Is that a TODO?
As for the IPv6 issue --- how prevalent is this problem. What OS
versions are affected? Has the user done something special to enable
this?
--
Bruce Momjian | http://candle.pha.pa.us
pgman(at)candle(dot)pha(dot)pa(dot)us | (610) 359-1001
+ If your life is a hard drive, | 13 Roberts Road
+ Christ can be your backup. | Newtown Square, Pennsylvania 19073
From | Date | Subject | |
---|---|---|---|
Next Message | Alvaro Herrera | 2003-09-03 18:19:48 | Re: Regarding PostgreSQL Doubt |
Previous Message | Larry Rosenman | 2003-09-03 18:03:27 | Re: Unixware Patch (Was: Re: Beta2 Tag'd and Bundled ...) |