Re: Use "samehost" by default in pg_hba.conf?
| От | Tom Lane |
|---|---|
| Тема | Re: Use "samehost" by default in pg_hba.conf? |
| Дата | |
| Msg-id | 19749.1254411323@sss.pgh.pa.us обсуждение исходный текст |
| Ответ на | Re: Use "samehost" by default in pg_hba.conf? (Stef Walter <stef-list@memberwebs.com>) |
| Ответы |
Re: Use "samehost" by default in pg_hba.conf?
Re: Use "samehost" by default in pg_hba.conf? |
| Список | pgsql-hackers |
Stef Walter <stef-list@memberwebs.com> writes:
> Tom Lane wrote:
>> Now that the samehost/samenet patch is in, I wonder if it wouldn't be
>> a good idea to replace this part of the default pg_hba.conf file:
> You're probably not suggesting this, but I would be against a default
> setting of 'samehost' used with 'trust'.
> Essentially that would be the same as rlogin rsh, where if the user can
> spoof a TCP connection, he can connect to postgresql. Depending on the
> platform, an interface may have to be down for this to work.
Is there any actual risk here that we aren't taking already just by
allowing 127.0.0.1?
regards, tom lane
В списке pgsql-hackers по дате отправления: