| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | Alvaro Herrera <alvherre(at)commandprompt(dot)com> |
| Cc: | Bruce Momjian <bruce(at)momjian(dot)us>, PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: Checking pg_hba.conf in the child process |
| Date: | 2012-02-24 23:45:58 |
| Message-ID: | 3763.1330127158@sss.pgh.pa.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Alvaro Herrera <alvherre(at)commandprompt(dot)com> writes:
> Excerpts from Bruce Momjian's message of vie feb 24 19:19:10 -0300 2012:
>> In looking over our authentication code, I noticed that we create the
>> child process before we check any of the pg_hba.conf file. Now, I
>> realize we can't do authentication in the postmaster because of possible
>> delay, and checking the user name and database name filters is just work
>> that is better done in the child, but checking the IP address might
>> prevent unauthorized clients from causing excessive process creation on
>> the server. I know we have listen_addresses, but that defaults to "*"
>> on the click-through installers, and not everybody knows how to set up a
>> firewall.
> Hm, one thing to keep in mind is that we allow hostnames there. It'd be
> a pain to have postmaster hang while resolving names.
Yes. This cure would be a lot worse than the disease. Bruce ought to
remember that we intentionally moved all that logic *out* of the
postmaster process, years ago, precisely because it was too hard to
ensure that the postmaster wouldn't block and thus create DOS conditions
of another sort.
regards, tom lane
| From | Date | Subject | |
|---|---|---|---|
| Next Message | John R Pierce | 2012-02-24 23:58:35 | Re: Behavior of subselects in target lists and order by |
| Previous Message | Peter van Hardenberg | 2012-02-24 23:44:18 | Re: psql \i tab completion initialization problem on HEAD |