| From: | Curt Sampson <cjs(at)cynic(dot)net> |
|---|---|
| To: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
| Cc: | Bruce Momjian <pgman(at)candle(dot)pha(dot)pa(dot)us>, Gavin Sherry <swm(at)linuxworld(dot)com(dot)au>, Kurt Roeckx <Q(at)ping(dot)be>, Greg Copeland <greg(at)CopelandConsulting(dot)Net>, Andrew Sullivan <andrew(at)libertyrms(dot)info>, PostgresSQL Hackers Mailing List <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: Linux.conf.au 2003 Report |
| Date: | 2003-02-02 18:51:36 |
| Message-ID: | Pine.NEB.4.51.0302030348330.509@angelic.cynic.net |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-advocacy pgsql-hackers |
On Sun, 2 Feb 2003, Tom Lane wrote:
> I think I was the one who talked us into assuming that ipv4 and ipv6
> should be treated as a single protocol. But some people have since made
> pretty good cases that it's better to regard them as separate protocols.
From a security standpoint, I think it's definitely better to regard
them as separate protocols. They are certainly separately filtered on
firewalls, and they are often routed differently, too.
That said, I see no reason not to have some sort of easy way of saying,
"listen on all the interfaces you can find using all the protocols you
know." So long as you have the ability to distinguish where you listen
by both protocol and address, it's easy to be as secure as you need to be.
cjs
--
Curt Sampson <cjs(at)cynic(dot)net> +81 90 7737 2974 http://www.netbsd.org
Don't you know, in this new Dark Age, we're all light. --XTC
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Kurt Roeckx | 2003-02-02 19:13:40 | Re: Linux.conf.au 2003 Report |
| Previous Message | Tom Lane | 2003-02-02 17:49:34 | Re: Linux.conf.au 2003 Report |
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Kurt Roeckx | 2003-02-02 19:13:40 | Re: Linux.conf.au 2003 Report |
| Previous Message | Hans-Jürgen Schönig | 2003-02-02 18:18:51 | Re: COUNT and Performance ... |