| From: | Dimitri Fontaine <dfontaine(at)hi-media(dot)com> |
|---|---|
| To: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
| Cc: | Peter Eisentraut <peter_e(at)gmx(dot)net>, pgsql-hackers(at)postgresql(dot)org |
| Subject: | Re: Use "samehost" by default in pg_hba.conf? |
| Date: | 2009-10-01 08:29:18 |
| Message-ID: | 87my4b34bl.fsf@hi-media-techno.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Hi,
Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> writes:
> Peter Eisentraut <peter_e(at)gmx(dot)net> writes:
>> On Wed, 2009-09-30 at 22:08 -0400, Tom Lane wrote:
>>> (Note that you would still need a non-default setting of
>>> listen_addresses for "-h machine_name" to actually work.)
>
>> Which makes this proposal kind of uninteresting.
As already said, it's one less step to have it working. This hba file is
hard to get at for a lot of newbies we see on IRC. +1 for default
configuration using samehost.
> Although come to think of it ... is there any reason besides sheer
> conservatism to not make the default listen_addresses value '*'?
> It won't result in letting in any outside connections unless you
> also add pg_hba.conf entries.
Everywhere possible I have listen_addresses set to '127.0.0.1' a
pgbouncer instance for clients to connect to, on the non loopback
interface. That allows me to be sure that developers won't accidently
bypass pgbouncer. But as we're only talking about default setup, Magnus
argument weights much more (no DOS or portscan).
Regards,
--
dim
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Abhijit Menon-Sen | 2009-10-01 09:22:16 | Re: Use "samehost" by default in pg_hba.conf? |
| Previous Message | Richard Huxton | 2009-10-01 08:12:24 | Re: navigation menu for documents |