Re: enabling tcpip_socket by default
From | Andrew Dunstan |
---|---|
Subject | Re: enabling tcpip_socket by default |
Date | |
Msg-id | 2265.24.211.141.25.1084849332.squirrel@www.dunslane.net |
In reply to | Re: enabling tcpip_socket by default (Bruno Wolff III <bruno@wolff.to>) |
List | pgsql-hackers |
Bruno Wolff III said:
> On Mon, May 17, 2004 at 18:00:48 -0400,
> Andrew Dunstan <andrew@dunslane.net> wrote:
>>
>> But what we listen to relates to the destination address of the
>> packets, not the source address ...
>
> There still is some small risk. If your OS doesn't reject packets
> destined for 127.*.*.* that don't come from the loopback interface, it
> is possible for someone on your local network to at least do a blind
> spoofing attack, possibly they might also be able to get replies back
> as well.

For some value of "small" approaching 0 :-) .

The default configuration will only allow localhost-localhost connections (via the combination of the default listening_addresses value and the default pg_hba.conf settings). So to spoof it successfully you would have to be able to get the host to accept a nonlocal packet addressed to localhost AND get it to route the reply addressed to localhost to your nonlocal machine. If you have such an insecure OS you should

- throw it in the bin and get another with a sane network stack, and
- in the meantime set listening_addresses to "" to turn off TCP altogether.

But then PostgreSQL is likely to be the least of your problems, I suspect.

Bear in mind that behaviour has not changed at all really, only *which* behaviour is the default.

cheers

andrew
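Added example, not part of the message above and not PostgreSQL's own code: a small audit of the two layers the message says combine to keep the default local-only, the listening address list and the `host` rules in pg_hba.conf. The function names and the sample file are constructed for illustration, and the name `localhost` is assumed to resolve to a loopback address.

```python
import ipaddress

def is_ip(s):
    try:
        ipaddress.ip_address(s)
        return True
    except ValueError:
        return False

def rule_network(addr, mask=None):
    """Network a pg_hba.conf rule matches (CIDR, or address plus netmask)."""
    if mask is None:
        return ipaddress.ip_network(addr, strict=False)
    m = ipaddress.ip_address(mask)
    inv = int(m) ^ ((1 << m.max_prefixlen) - 1)  # inverted mask must be 2**k - 1
    if inv & (inv + 1):
        raise ValueError("non-contiguous netmask")
    return ipaddress.ip_network(f"{addr}/{m.max_prefixlen - inv.bit_length()}", strict=False)

def nonlocal_hba_rules(hba_text):
    """host* rules whose source range is not provably inside loopback space."""
    flagged = []
    for raw in hba_text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 5 or not fields[0].startswith("host") or "reject" in fields[4:6]:
            continue  # blanks, comments, Unix-socket rules, reject rules
        mask = fields[4] if is_ip(fields[4]) else None
        try:
            local = rule_network(fields[3], mask).is_loopback
        except ValueError:
            local = False  # hostname, "all", odd mask: not provably local
        if not local:
            flagged.append(" ".join(fields))
    return flagged

def nonlocal_listen_addresses(value):
    """Non-loopback entries of a comma-separated listen list ("localhost" assumed loopback)."""
    return [i for i in map(str.strip, value.split(","))
            if i and i != "localhost"
            and not (is_ip(i) and ipaddress.ip_address(i).is_loopback)]

SAMPLE_HBA = """\
# constructed sample, not taken from the message or from a shipped file
local   all  all                              trust
host    all  all  127.0.0.1  255.255.255.255  trust
host    all  all  ::1/128                     trust
host    all  all  192.168.0.0/24              md5
host    all  all  0.0.0.0/0                   reject
"""
```

Both functions returning an empty list corresponds to the localhost-only situation the message describes; an empty listen value (TCP off) also yields an empty list.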