| From: | Bruce Momjian <bruce(at)momjian(dot)us> |
|---|---|
| To: | Alvaro Herrera <alvherre(at)commandprompt(dot)com> |
| Cc: | PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: Checking pg_hba.conf in the child process |
| Date: | 2012-02-24 22:34:07 |
| Message-ID: | 20120224223407.GA10691@momjian.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On Fri, Feb 24, 2012 at 07:27:06PM -0300, Alvaro Herrera wrote:
>
> Excerpts from Bruce Momjian's message of vie feb 24 19:19:10 -0300 2012:
> > In looking over our authentication code, I noticed that we create the
> > child process before we check any of the pg_hba.conf file. Now, I
> > realize we can't do authentication in the postmaster because of possible
> > delay, and checking the user name and database name filters is just work
> > that is better done in the child, but checking the IP address might
> > prevent unauthorized clients from causing excessive process creation on
> > the server. I know we have listen_addresses, but that defaults to "*"
> > on the click-through installers, and not everybody knows how to set up a
> > firewall.
>
> Hm, one thing to keep in mind is that we allow hostnames there. It'd be
> a pain to have postmaster hang while resolving names.
Yes, we would still need to recheck the filter in the child because of
username/dbname limits, but your point is very valid --- any use of
hostnames in pg_hba.conf would prevent us from doing IP checks.
--
Bruce Momjian <bruce(at)momjian(dot)us> http://momjian.us
EnterpriseDB http://enterprisedb.com
+ It's impossible for everything to be true. +
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Thom Brown | 2012-02-24 22:39:08 | Re: Command Triggers, patch v11 |
| Previous Message | Thom Brown | 2012-02-24 22:32:35 | Re: Command Triggers, patch v11 |