Re: Use "samehost" by default in pg_hba.conf?

Peter Eisentraut <peter_e@gmx.net> writes:
>> (Note that you would still need a non-default setting of
>> listen_addresses for "-h machine_name" to actually work.)

> Which makes this proposal kind of uninteresting.

Well, it's one less thing that has to be fixed for local connections
to work smoothly.

> Plus, with @authmethod@ being mostly "trust", how much faith do we have
> in samehost never giving any false positives?

Having looked at the code, I think that samehost is pretty safe.  I'm
still worried about samenet picking up a bogusly broad netmask --- but
samehost hard-wires the netmask at all-ones.  Even if your network
configuration is really screwed up, the kernel isn't going to send that
traffic off-machine.  So I think it will act as advertised.
        regards, tom lane