Tom Lane wrote:
>Perhaps there is a case to be made
>that on all platforms, "-i" should enable or disable only nonlocal
>connections. Without -i we'd only allow binding to loopback ports
>(either IP4 or IP6).
>
>Aside from keeping the Windows and Unix behaviors similar, this would be
>of some positive benefit for people who use TCP-only clients. They'd
>not have to remember to set -i anymore, unless they want remote access.

I've been caught by this more than once, because I use local JDBC
clients, so now the first thing I do after initdb is to set tcpip_socket
to true.

>In response to Andrew's table, here's what I'm visualizing:
>
>* No -i: bind only to loopback addresses (both IP4 and IP6 if available).

OK.

>* With -i, but not virtual_host: bind to all available addresses.

OK.

>* With -i and virtual_host: bind to specified address(es) only.

Can you bind one socket to more than one address? My understanding is
that it's all (IN_ADDR_ANY or in6_addr_any) or one. In that case with
this proposal we'd have to force all the communications through that
interface on Windows. Or would we use multiple sockets (in which case
there is probably a good case for allowing multiple addresses in
virtual_host)?

... (haven't toured this part of the code before) ....

I see what looks like an array of listen sockets, so multiple sockets
seems the way to go.

>I don't have a strong feeling about the case of virtual_host without -i.
>The above says to ignore virtual_host, but maybe we should instead
>ignore the lack of -i and do what virtual_host says.

I have no strong feelings either.

cheers

andrew
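
The three cases proposed in the thread, with one listening socket per address as the reply concludes, as an added C example that is not PostgreSQL's code or part of the original message. The function names, the comma-separated virtual_host format and the choice to ignore virtual_host without -i (one of the two options the thread leaves open) are assumptions made for illustration.

```c
#include <netdb.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>
#define MAX_LISTEN 8

/* Hypothetical helper: virtual_host is NULL or comma-separated numeric addresses. */
int plan_listen_addrs(int dash_i, const char *virtual_host, char out[][64], int max)
{
    const char *list = !dash_i ? "127.0.0.1,::1"           /* no -i: loopback only */
        : (virtual_host && *virtual_host) ? virtual_host   /* -i + virtual_host: listed only */
        : "0.0.0.0,::";                                    /* -i alone: all addresses */
    char buf[256];
    int n = 0;
    snprintf(buf, sizeof buf, "%s", list);
    for (char *t = strtok(buf, ", "); t && n < max; t = strtok(NULL, ", "))
        snprintf(out[n++], 64, "%s", t);
    return n;
}

/* One listening socket per address; addresses the host cannot bind are skipped. */
int open_listen_sockets(char addrs[][64], int n, const char *port, int fds[])
{
    int opened = 0, on = 1;
    for (int i = 0; i < n && opened < MAX_LISTEN; i++) {
        struct addrinfo *ai, hints = { .ai_socktype = SOCK_STREAM,
                                       .ai_flags = AI_NUMERICHOST | AI_NUMERICSERV };
        if (getaddrinfo(addrs[i], port, &hints, &ai) != 0)
            continue;
        int fd = socket(ai->ai_family, ai->ai_socktype, 0);
        if (fd >= 0 && ai->ai_family == AF_INET6)   /* keep the v6 socket off v4 space */
            setsockopt(fd, IPPROTO_IPV6, IPV6_V6ONLY, &on, sizeof on);
        if (fd >= 0 && bind(fd, ai->ai_addr, ai->ai_addrlen) == 0 && listen(fd, 16) == 0)
            fds[opened++] = fd;
        else if (fd >= 0)
            close(fd);
        freeaddrinfo(ai);
    }
    return opened;
}

int main(void)
{
    char addrs[MAX_LISTEN][64]; int fds[MAX_LISTEN];
    int n = plan_listen_addrs(0, NULL, addrs, MAX_LISTEN);  /* no -i; port "0" = ephemeral */
    printf("%d planned, %d listening\n", n, open_listen_sockets(addrs, n, "0", fds));
}
```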