Re: Patch to make postmaster bind to only to localhost.

I am inclinded to skip this patch. We already have too many postmaster
options, and I don't think adding something that already is done in
pg_hba.conf is a big help. Sorry.

> All,
>
> The company I work, DataSoft, for is doing a web based project
> that uses Java and the JDBC driver for postgres. Aperently the
> developers have told me that the JDBC requires the -i option on
> postmaster. The only problem is this leves a visibility to the
> outside world that we are using postmaster, or some other service.
> Now we do have the pg_hba.conf configured to allow connections
> from only that box it self, but you can never be two parinoid.
>
> The patch that is attached adds a "-L" option to postmaster, which
> tells postmaster to bind only to 127.0.0.1 or localhost. Now this
> port is not exposed to the outside world, ie port scanners can't
> detect it, and we can run our Java code with a little more comfort.
>
> The patch is against the postgresql-7.0.2 source tree.
>
> The patch was minimally test under Linux kernel 2.2.5 using
> a RedHat 6.0 distribution.
>
> The files effected are
> postgresql-7.0.2/src/backend/libpq/pqcomm.c
> postgresql-7.0.2/src/include/libpq/libpq.h
> postgresql-7.0.2/src/backend/postmaster/postmaster.c
>
> The patch just addes the -L option with a bool flag variable
> BindLocalOnly to postmaster.c
>
> Also the StreamServerPort function was modified to tha an extra
> bool arguement which then if true causes the socket to be bound
> to INADDR_LOOPBACK instead of INADDR_ANY.
>
> The patch is just a tar.gz file that extracts over the postgresql-7.0.2
> source tree.
>
> If there are any issues pleas let me know.
>
> Thanks,
>
> John C. Quillan
> john_quillan(at)datasoft(dot)com

[ application/x-gzip is not supported, skipping... ]

--
Bruce Momjian | http://candle.pha.pa.us
pgman(at)candle(dot)pha(dot)pa(dot)us | (610) 853-3000
+ If your life is a hard drive, | 830 Blythe Avenue
+ Christ can be your backup. | Drexel Hill, Pennsylvania 19026