Re: TODO Item: Allow pg_hba.conf to specify host names along with IP addresses
| От | Andrew Sullivan |
|---|---|
| Тема | Re: TODO Item: Allow pg_hba.conf to specify host names along with IP addresses |
| Дата | |
| Msg-id | 20080616163238.GC52697@commandprompt.com обсуждение исходный текст |
| Ответ на | Re: TODO Item: Allow pg_hba.conf to specify host names along with IP addresses (Peter Eisentraut <peter_e@gmx.net>) |
| Ответы |
Re: TODO Item: Allow pg_hba.conf to specify host names
along with IP addresses
|
| Список | pgsql-hackers |
On Mon, Jun 16, 2008 at 11:47:21AM +0200, Peter Eisentraut wrote: > I'm a bit curious how useful in practice this would actually be. Obviously, > you want to use host names to simplify the management of hosts, currently > being done with IP addresses. But how widely useful is it really to > authenticate a bunch of hosts in different ways? I'd say the standard case > is localhost vs everything else. Or perhaps localhost vs LAN vs rest of the > Internet. In neither of these cases , using host names helps much. The obvious case for it (which is why I'm not arguing against using it as such) is network renumbering. If you renumber a network, right now you have to update these files. Today this isn't a big deal, but as IPv4 addresses get scarcer and IPv6 addresses come online, this is going to become a problem people have more often. In large deployments with a lot of postmasters and many people's hands involved, one fewer change to manage would be a boon. Moreover, in managed networks, you don't always control when your IPs will change or how. Doing this by hostname could have advantages for reliability, at the possible cost of startup performance. One reason to use DNS names rather than static /etc/host entries or IP addresses is this resilience in the face of a changing network infrastructure. > We have people here concerned about security of DNS, rightly so. But what > about relying on IP addresses or, by extension, MAC addresses for security; > is that safe? Well, there's one fewer thing that can be subverted. But authenticating from a host address is pretty weak authentication. I'd think the Morris worm teaches us that. Without DNSSEC, subverting the DNS is very close to trivial. But, in the presence of competent DNSSEC deployment, subverting the DNS becomes just shy of impossible, so this might become a strategy approximately as strong as authentication by host address. You're still trusting a connection on the basis of who it claims to be and where it's coming from; that's hardly strong authentication. I agree with Andrew Dunstan that for any real world wide-scale uses, you want to use some sort of strong authentication. A -- Andrew Sullivan ajs@commandprompt.com +1 503 667 4564 x104 http://www.commandprompt.com/
В списке pgsql-hackers по дате отправления: