| From: | Tino Wildenhain <tino(at)wildenhain(dot)de> |
|---|---|
| To: | Stephen McConnell <mcconnell_stephen(at)yahoo(dot)com> |
| Cc: | pgadmin-support(at)postgresql(dot)org |
| Subject: | Re: Firewall Locks Windows Version |
| Date: | 2005-08-25 08:41:49 |
| Message-ID: | 430D844D.5020906@wildenhain.de |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgadmin-support |
Stephen McConnell schrieb:
> Dave
>
> "Functions like gethostbyname() are written by Microsoft, not us. If
> they
> don't return, there's not much we can do. I suppose we could run every
> system call in a different thread so we can abort if it doesn't return,
> but that would bring a whole new meaning to the term 'bloatware' and
> would probably mean we would still be writing the connect code."
>
> While you probably don't need to write a new thread for each and every
> system call, PROFESSIONAL PROGRAMMING DISCIPLINE determines which
> system calls could possibly hang a program and performs the appropriate
> exception handling. Any other development process that writes a widely
> distributed application to be used on a particular platform (Open
> source or not) is hubris (very much like Microsoft, I'll admit).
"PROFESSIONNAL PROGRAMMING" is paid programming. So this is an
offer on sponsorship by you?
>
> "Configure a sensible firewall policy that allows pgAdmin to perform
> lookups? If your firewall doesn't allow you to do this, throw it in the
> bin and get a decent one."
>
> I was wondering if you had a constructive solution, since the
> organization I work in uses Norton Anti Virus and Internet Firewall as
> a standard and I can't simply just "throw it in the bin." I hate
> having to try to configure a new rule, have pgAdmin hang and then retry
> a new rule.
The Norton Anti Virus and foobar is probably the worst "security
solution" one can buy. Maybe your company should invest in a
consultant rather then believe in false security?
You dont believe? Scan securityfocus mailinglist for further details.
> Since, I don't need a DNS server (I'm using ip addresses rather than
> names to access PostgreSQL on another server), maybe there could be an
> option added that disables this "feature".
Why? You could as well add sensible configuration - which is the whole
point of having a firewall :-) Btw, the sources are open - you
can make and submit a patch if you dont like particular implementation :-)
You can even privately patch your copy in any way you like.
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Tino Wildenhain | 2005-08-25 13:32:56 | Re: Firewall Locks Windows Version |
| Previous Message | Stephen McConnell | 2005-08-25 01:02:47 | Re: Firewall Locks Windows Version |