Re: listening addresses

Josh Berkus wrote:
> Andrew, Tom:
> 
> This will be a really nice feature for those of us with PG servers that 
> participate in VPNs.    Currently I'm blocking certain interfaces using 
> pg_hba.conf but would prefer a "listen" address instead.
> 
> Of course, the drawback to this is that confused DBAs will have their 
> pg_hba.conf conflict with their postgresql.conf, and cut off all access to 
> the DB.  But I don't know how we can protect against that.
> 
> Might I suggest that this default to "127.0.0.1" in postgresql.conf.sample?   
> This is a reasonably safe default, and would allow us to use the same default 
> for Windows as for other OSes.   It would also eliminate about 15% of the 
> questions I get on a weekly basis from PHP users. ("uncomment the line 
> tcpip_sockets ...").
> 
> If I had time, I would also love to see setting the password for the postgres 
> user become part of the initdb script.  However, I can see that this wouldn't 
> work with packages.

Why couldn't we do something where we ask for a password only if stdin
is from a terminal?

--  Bruce Momjian                        |  http://candle.pha.pa.us pgman@candle.pha.pa.us               |  (610)
359-1001+  If your life is a hard drive,     |  13 Roberts Road +  Christ can be your backup.        |  Newtown Square,
Pennsylvania19073