| From: | Tatsuo Ishii <t-ishii(at)sra(dot)co(dot)jp> |
|---|---|
| To: | marko(at)karppinen(dot)fi |
| Cc: | pgman(at)candle(dot)pha(dot)pa(dot)us, pgsql-hackers(at)postgresql(dot)org |
| Subject: | Re: enabling tcpip_socket by default |
| Date: | 2004-05-17 07:40:25 |
| Message-ID: | 20040517.164025.35007710.t-ishii@sra.co.jp |
| Views: | Whole Thread | Raw Message | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
> > Tatsuo Ishii wrote:
> >> Is there any security risk if we enable tcpip_socket by default? We
> >> restrict connection from localhost only by default so I think enabling
> >> tcpip_socket adds no security risk. Please correct me if I am wrong.
>
> Bruce Momjian wrote:
> > Right, and 7.5 will ship with tcp and localhost enabled.
>
> If the default will be to listen on all interfaces, not just 127.0.0.1,
> then this IS a security risk. And if that's not the plan, what good does
> this change do? Any "real" use of tcp would still require a
> configuration
> change anyway.
Consider a program using JDBC on localhost. It can only reach to
PostgreSQL via TCP/IP.
--
Tatsuo Ishii
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Marko Karppinen | 2004-05-17 07:48:14 | Re: enabling tcpip_socket by default |
| Previous Message | Philip Yarra | 2004-05-17 07:40:06 | Re: enabling tcpip_socket by default |