| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | Peter Eisentraut <peter_e(at)gmx(dot)net> |
| Cc: | pgsql-hackers(at)postgreSQL(dot)org |
| Subject: | Re: Use "samehost" by default in pg_hba.conf? |
| Date: | 2009-10-01 04:36:15 |
| Message-ID: | 10672.1254371775@sss.pgh.pa.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Peter Eisentraut <peter_e(at)gmx(dot)net> writes:
>> (Note that you would still need a non-default setting of
>> listen_addresses for "-h machine_name" to actually work.)
> Which makes this proposal kind of uninteresting.
Well, it's one less thing that has to be fixed for local connections
to work smoothly.
> Plus, with @authmethod@ being mostly "trust", how much faith do we have
> in samehost never giving any false positives?
Having looked at the code, I think that samehost is pretty safe. I'm
still worried about samenet picking up a bogusly broad netmask --- but
samehost hard-wires the netmask at all-ones. Even if your network
configuration is really screwed up, the kernel isn't going to send that
traffic off-machine. So I think it will act as advertised.
regards, tom lane
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Tom Lane | 2009-10-01 04:53:08 | Re: Use "samehost" by default in pg_hba.conf? |
| Previous Message | Peter Eisentraut | 2009-10-01 04:30:38 | Re: Use "samehost" by default in pg_hba.conf? |