From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
---|---|
To: | Mark Mielke <mark(at)mark(dot)mielke(dot)cc> |
Cc: | Brendan Jurd <direvus(at)gmail(dot)com>, Bruce Momjian <bruce(at)momjian(dot)us>, Gurjeet Singh <singh(dot)gurjeet(at)gmail(dot)com>, PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org>, Tomasz Ostrowski <tometzky(at)batory(dot)org(dot)pl> |
Subject: | Re: Spoofing as the postmaster |
Date: | 2007-12-23 06:45:14 |
Message-ID: | 3793.1198392314@sss.pgh.pa.us |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-hackers |
Mark Mielke <mark(at)mark(dot)mielke(dot)cc> writes:
> Brendan Jurd wrote:
>> It doesn't solve the spoofing attack problem, but isn't Gurjeet's idea
>> a good one in any case?
>>
> What makes it good? It solves no problems. It prevents the server from
> coming up when it otherwise might still be able to.
The primary reason things work like that is that there are boatloads of
machines that are marginally misconfigured. For instance, userland
thinks there is IPv6 support when the kernel thinks not (or vice versa).
If we made the postmaster abort every time it couldn't latch onto every
address that the listen_addresses setting suggested it might be able to
latch onto, what we'd mostly accomplish is to drive away a lot of
potential users.
Given that everyone agrees that this change wouldn't actually fix
anything w.r.t. spoofing, I don't think there's grounds for making it.
regards, tom lane
From | Date | Subject | |
---|---|---|---|
Next Message | Gregory Stark | 2007-12-23 07:18:32 | Re: viewing source code |
Previous Message | Mark Mielke | 2007-12-23 06:29:13 | Re: Spoofing as the postmaster |