Re: [HACKERS] Another crack at doing a Win32

I wrote:

>Magnus Hagander said:
>
>
>>>Is there a case for forcing -i and ignoring the GUC setting
>>>on Windows? Since we can't do Unix domain sockets there it
>>>would seem to make sense.
>>>
>>>
>>Yeah, that could be done. I was more into doing a generic fix that
>>would fail gracefully in any case when the server is not listening on
>>anything (no Unix, no TCPIP) and error out then.
>>
>>Are there any other platforms which don't have unix sockets? If not,
>>then that thought is not valid, and we shuold just force it on win32.
>>If not, how do they handle starting of the postmaster without -i today?
>>And do we want the same behaviour there?
>>
>>Perhaps we should force it to open a tcp socket on 127.0.0.1 only? That
>>way we don't suddenly open up to external connections without the user
>>asking for it.
>>
>>
>>
>
>Hmm. That also raises the question of what we should do if virtual_host is
>set.
>
>[thinks some more ...]
>
>
>
.....

How does this sound?

. if -i/tcpip_socket is not set, then bind to localhost
. if -i/tcpip_socket is set, and virtual_host is not set, behave as now
(i.e. bind to all addresses)
. if -i/tcpip_socket is set, and virtual_host is set, bind to all but
immediately close connections where the local address is not either
localhost or the virtual_host.

That seems to me to get as close as reasonably possible to the Unix
behaviour. I don't think that always allowing localhost connections on
Windows is a big security risk.

Also, what is the default connection mode of psql? It should probably be
equivalent to "-h localhost", shouldn't it?

I haven't thought through what might be the IP4/IP6 implications.

cheers

andrew