| From: | Greg Stark <gsstark(at)mit(dot)edu> |
|---|---|
| To: | pgsql-hackers(at)postgresql(dot)org |
| Subject: | Re: enabling tcpip_socket by default |
| Date: | 2004-05-17 21:09:35 |
| Message-ID: | 87ekpivjzk.fsf@stark.xeocode.com |
| Lists: | pgsql-hackers |
Marko Karppinen <marko(at)karppinen(dot)fi> writes:

> On 17 May 2004, at 10:40, Tatsuo Ishii wrote:
> > Consider a program using JDBC on localhost. It can only reach to
> > PostgreSQL via TCP/IP.

Huh? Why on earth would that be true? Is this a limitation of our JDBC
drivers?

> Ah! Of course. That makes sense, and listening on 127.0.0.1 never
> hurt anyone (except, of course, the tinfoil hat crowd nmapping
> localhost in a frenzy...)

Actually on many systems it was very possible to send packets to a machine
with a source address of 127.0.0.1 even over external networks or through
routers. Making an attack out of this on a TCP service would be difficult, but
it has been done.

Good OS distributions install network filters by default to refuse such
packets, but lots of OSes still don't do this.

--
greg