From: | Jan Ogrodowczyk <Jan(dot)Ogrodowczyk(at)qlik(dot)com> |
---|---|
To: | "pgsql-bugs(at)postgresql(dot)org" <pgsql-bugs(at)postgresql(dot)org> |
Subject: | Postgres 9.6.1 accepts connections from not allowed Ip addresses |
Date: | 2016-11-17 10:58:52 |
Message-ID: | DM5PR18MB1305B3883BB865DC8F6BD55483B10@DM5PR18MB1305.namprd18.prod.outlook.com |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-bugs |
Hi, I wanted to report a bug that I found while using postgres 9.6.1.
Summary: The database accepts connections from addresses that were previously allowed but later on have been excluded in the postgresql.conf & pg_hba.conf files.
Step by step
1. Set up an environment where the postgresql.conf file is set to "listen_addresses = '*'" and pg_hba.conf includes the following line "host all all 0.0.0.0/0 md5" (This is just an example, the issue can be reproduced with a range of other ip addresses, like your local host).
2. Connect your application to the database and make sure everything is up and running.
3. Exclude the ip-address that is connected to the database from pg_hba.conf or listen_addresses. Eg if your application users ip address 192.168.1.1, comment (add a # or remove the entire row) the row you added in step 1 in the pg_hba.conf file and/or change listen_addresses to 'localhost'. Restart the service postgresql-x64-9.6 to be sure that the new settings are active.
4. The application is still connected to the database even though the access should be denied. As a matter of fact you are still able to write data to the database. Only when the remote application shuts its connection down and re-connects it is rejected by postgres.
This issue cannot be reproduced on postgres 9.3
OS: Windows 10
Best Regards Jan Ogrodowczyk, if you have any questions do not hesitate to ask.
From | Date | Subject | |
---|---|---|---|
Next Message | Tom Lane | 2016-11-17 14:35:41 | Re: Postgres 9.6.1 accepts connections from not allowed Ip addresses |
Previous Message | gergely | 2016-11-17 10:36:29 | BUG #14427: Missing pg_controlldata alternatives |