Re: [PATCH] pgarchives: Add host option for pglister_sync
| От | Célestin Matte |
|---|---|
| Тема | Re: [PATCH] pgarchives: Add host option for pglister_sync |
| Дата | |
| Msg-id | 31a1029c-44fb-4b74-a754-1b081ccfa7c7@cmatte.me обсуждение исходный текст |
| Ответ на | Re: [PATCH] pgarchives: Add host option for pglister_sync (Magnus Hagander <magnus@hagander.net>) |
| Список | pgsql-www |
> And for very good reasons, because you've removed an important part of the https security! Which makes sense and is hardly exploitable in that case since we're talking about local traffic > Differentiating hosts on https is something SNI has been used for for many years. That seems to be the appropriate solutionhere as well, if you absolutely need to use https on localhost? (There are things that require that, such as accessto browser camera, but I don'pt see how any of that would apply to a pglister API call, so it seems easie rto justnot encrypt localhost traffic?) Problem is that requests made to the domain will be received as coming from the server's external IP address, which makesit difficult to detect it as local traffic (unless hardcoding this IP address in apache's config) > Bottom line is this really sounds like a server side issue in the apache configuration, and should be solved there. Yes, I ended up adding the target domain to /etc/hosts so that it resolves to 127.0.0.1 or ::1, which is a much simpler solution.Thanks for the inputs, they made me consider things differently! This patch can be forgotten. Please let me kindly remind that many other patches are waiting for integration and I listed their state here: https://www.postgresql.org/message-id/6fc41ae5-f547-4cbd-a2d5-54ad75e33fe5@cmatte.me -- Célestin Matte
В списке pgsql-www по дате отправления: