Re: listening addresses

Josh Berkus wrote:
> Andrew, Tom:
>
> This will be a really nice feature for those of us with PG servers that
> participate in VPNs. Currently I'm blocking certain interfaces using
> pg_hba.conf but would prefer a "listen" address instead.
>
> Of course, the drawback to this is that confused DBAs will have their
> pg_hba.conf conflict with their postgresql.conf, and cut off all access to
> the DB. But I don't know how we can protect against that.
>
> Might I suggest that this default to "127.0.0.1" in postgresql.conf.sample?
> This is a reasonably safe default, and would allow us to use the same default
> for Windows as for other OSes. It would also eliminate about 15% of the
> questions I get on a weekly basis from PHP users. ("uncomment the line
> tcpip_sockets ...").
>
> If I had time, I would also love to see setting the password for the postgres
> user become part of the initdb script. However, I can see that this wouldn't
> work with packages.

Why couldn't we do something where we ask for a password only if stdin
is from a terminal?

--
Bruce Momjian | http://candle.pha.pa.us
pgman(at)candle(dot)pha(dot)pa(dot)us | (610) 359-1001
+ If your life is a hard drive, | 13 Roberts Road
+ Christ can be your backup. | Newtown Square, Pennsylvania 19073