Re: Use "samehost" by default in pg_hba.conf?

From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To: stef(at)memberwebs(dot)com
Cc: pgsql-hackers(at)postgresql(dot)org
Subject: Re: Use "samehost" by default in pg_hba.conf?
Date: 2009-10-01 15:35:23
Message-ID: 19749.1254411323@sss.pgh.pa.us
Lists: pgsql-hackers

Stef Walter <stef-list(at)memberwebs(dot)com> writes:
> Tom Lane wrote:
>> Now that the samehost/samenet patch is in, I wonder if it wouldn't be
>> a good idea to replace this part of the default pg_hba.conf file:

> You're probably not suggesting this, but I would be against a default
> setting of 'samehost' used with 'trust'.

> Essentially that would be the same as rlogin rsh, where if the user can
> spoof a TCP connection, he can connect to postgresql. Depending on the
> platform, an interface may have to be down for this to work.

Is there any actual risk here that we aren't taking already just by
allowing 127.0.0.1?

regards, tom lane
