Re: Patch to make postmaster bind to only to localhost.
From | Bruce Momjian |
---|---|
Subject | Re: Patch to make postmaster bind to only to localhost. |
Date | |
Msg-id | 200009120508.BAA13236@candle.pha.pa.us |
In reply to | Patch to make postmaster bind to only to localhost. ("John C. Quillan" <john_quillan@datasoft.com>) |
List | pgsql-patches |
I am inclined to skip this patch. We already have too many postmaster options, and I don't think adding something that already is done in pg_hba.conf is a big help. Sorry.

> All,
>
> The company I work for, DataSoft, is doing a web based project
> that uses Java and the JDBC driver for postgres. Apparently the
> developers have told me that the JDBC requires the -i option on
> postmaster. The only problem is this leaves a visibility to the
> outside world that we are using postmaster, or some other service.
> Now we do have the pg_hba.conf configured to allow connections
> from only that box itself, but you can never be too paranoid.
>
> The patch that is attached adds a "-L" option to postmaster, which
> tells postmaster to bind only to 127.0.0.1 or localhost. Now this
> port is not exposed to the outside world, ie port scanners can't
> detect it, and we can run our Java code with a little more comfort.
>
> The patch is against the postgresql-7.0.2 source tree.
>
> The patch was minimally tested under Linux kernel 2.2.5 using
> a RedHat 6.0 distribution.
>
> The files affected are
>     postgresql-7.0.2/src/backend/libpq/pqcomm.c
>     postgresql-7.0.2/src/include/libpq/libpq.h
>     postgresql-7.0.2/src/backend/postmaster/postmaster.c
>
> The patch just adds the -L option with a bool flag variable
> BindLocalOnly to postmaster.c
>
> Also the StreamServerPort function was modified to take an extra
> bool argument which then if true causes the socket to be bound
> to INADDR_LOOPBACK instead of INADDR_ANY.
>
> The patch is just a tar.gz file that extracts over the postgresql-7.0.2
> source tree.
>
> If there are any issues please let me know.
>
> Thanks,
>
> John C. Quillan
> john_quillan@datasoft.com

[ application/x-gzip is not supported, skipping... ]

--
  Bruce Momjian                        |  http://candle.pha.pa.us
  pgman@candle.pha.pa.us               |  (610) 853-3000
  +  If your life is a hard drive,     |  830 Blythe Avenue
  +  Christ can be your backup.        |  Drexel Hill, Pennsylvania 19026
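The bind-address choice discussed in this thread, as an added example that is not part of the original messages or of the PostgreSQL source: a listener bound to INADDR_LOOPBACK accepts connections only on 127.0.0.1, while one bound to INADDR_ANY listens on every interface. The function names `open_listener`, `bound_addr` and `listener_addr` are hypothetical, and port 0 (kernel-chosen port) is used so the example runs without privileges.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Hypothetical helper (not PostgreSQL's StreamServerPort): open a TCP
 * listener on `port`, bound to loopback only when local_only is true,
 * otherwise to all interfaces. Returns the socket fd, or -1 on error. */
int open_listener(unsigned short port, bool local_only)
{
    struct sockaddr_in sa;
    int one = 1;
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0)
        return -1;
    setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, &one, sizeof(one));
    memset(&sa, 0, sizeof(sa));
    sa.sin_family = AF_INET;
    sa.sin_port = htons(port);
    sa.sin_addr.s_addr = htonl(local_only ? INADDR_LOOPBACK : INADDR_ANY);
    if (bind(fd, (struct sockaddr *) &sa, sizeof(sa)) < 0 || listen(fd, 16) < 0) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Address the kernel reports for the socket, in host byte order;
 * INADDR_NONE on error. This is what a deployment check should verify. */
uint32_t bound_addr(int fd)
{
    struct sockaddr_in sa;
    socklen_t len = sizeof(sa);
    if (getsockname(fd, (struct sockaddr *) &sa, &len) < 0)
        return INADDR_NONE;
    return ntohl(sa.sin_addr.s_addr);
}

/* Open a listener, read back its bound address, and close it again. */
uint32_t listener_addr(bool local_only)
{
    int fd = open_listener(0, local_only);
    uint32_t addr = (fd < 0) ? INADDR_NONE : bound_addr(fd);
    if (fd >= 0)
        close(fd);
    return addr;
}
```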