From: | "Mark Woodward" <pgsql(at)mohawksoft(dot)com> |
---|---|
To: | "Bruce Momjian" <pgman(at)candle(dot)pha(dot)pa(dot)us> |
Cc: | "Tom Lane" <tgl(at)sss(dot)pgh(dot)pa(dot)us>, mark(at)mark(dot)mielke(dot)cc, "Andrew Dunstan" <andrew(at)dunslane(dot)net>, "Euler Taveira de Oliveira" <eulerto(at)yahoo(dot)com(dot)br>, "Jim C(dot) Nasby" <jnasby(at)pervasive(dot)com>, "Andreas Pflug" <pgadmin(at)pse-consulting(dot)de>, "Marc G(dot) Fournier" <scrappy(at)postgresql(dot)org>, pgsql-hackers(at)postgresql(dot)org |
Subject: | Re: Why don't we allow DNS names in pg_hba.conf? |
Date: | 2006-02-13 12:57:24 |
Message-ID: | 18920.24.91.171.78.1139835444.squirrel@mail.mohawksoft.com |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-hackers |
>
> Added to TODO:
>
> o Allow pg_hba.conf to specify host names along with IP addresses
>
> Host name lookup could occur when the postmaster reads the
> pg_hba.conf file, or when the backend starts. Another
> solution would be to reverse lookup the connection IP and
> check that hostname against the host names in pg_hba.conf.
> We could also then check that the host name maps to the IP
> address.
I'm not so sure you need to be paranoid about it. The scenario is, at
startup or HUP, names are looked up and stored as IP addresses. Then hba
works as it is supposed too.
"spoofing" is not really a problem, IMHO, because there should be a fire
wall between PostgreSQL (most services really) and the raw internet, *and*
the admin MUST have control over the authenticity of the name resolver. If
someone is in the position to spoof name resolution, they are probably
also in a position to spoof IP addresses.
While I do see a need for this, but not in a sense that any old name would
be used. I see it more like a data center wide "hosts" file use to
dedicate various IP addresses to various services, i.e. freedb, streetmap,
session, web0, web1, .., webn etc.
What also may be handy in this scenario is that the names must fall within
a range of acceptable addresses.
Range: 192.168.245.1 ... 192.168.254.254
joey (192.168.254.55) -- OK
joey (10.1.1.0) -- Not OK.
This would be useful to declare a range of addresses as having some level
of trust, and specific names within that range as having more (or less).
In this scenario, think of a VPN, "joey" may be a laptop, and while he is
on the VPN he is trusted, and when he is not on the vpn he is not trusted.
This is especially important with regards to cyber security.
From | Date | Subject | |
---|---|---|---|
Next Message | Simon Riggs | 2006-02-13 12:59:30 | Re: TODO-Item: B-tree fillfactor control |
Previous Message | Guido Barosio | 2006-02-13 12:35:40 | Re: How to VACUUM this table? "998994633 estimated total rows" |