Re: Getting rid of "accept incoming network connections" prompts on OS X

From: Peter Eisentraut <peter_e(at)gmx(dot)net>
To: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Michael Paquier <michael(dot)paquier(at)gmail(dot)com>
Cc: Dave Page <dpage(at)pgadmin(dot)org>, PostgreSQL Hackers <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: Getting rid of "accept incoming network connections" prompts on OS X
Date: 2014-10-25 13:22:30
Message-ID: 544BA416.7070300@gmx.net
Lists: pgsql-hackers

On 10/24/14 9:39 AM, Tom Lane wrote:
> Peter, Dave: maybe you have tweaked things to keep listen_addresses
> empty and rely only on Unix-socket connections?

I can confirm that I do get the popup when starting an installed
postmaster with the default settings.

Given that this doesn't affect "make check" anymore, I'm unsure about
this patch. There is a lot of magic in the configure change. I don't
know what to pass as the configure option argument, so can't really
evaluate that. I'd like to see an explanation for what is done there.

I'm afraid there is security ridicule potential. We are essentially
adding an option to patch out an operating system security feature that
the user chose. Some might find that neat and ship binaries built that
way. Because it's "--with-codesign" and not
"--with-codesign-for-devel-dont-use-in-production".

Have we dug deep enough into the firewall configuration to evaluate
other options? Can we, for example, exclude a port range?

I could see adding this as a contrib script if we don't find a better way.
