Re: enabling tcpip_socket by default
| От | Andrew Dunstan |
|---|---|
| Тема | Re: enabling tcpip_socket by default |
| Дата | |
| Msg-id | 40A93610.1010105@dunslane.net обсуждение исходный текст |
| Ответ на | Re: enabling tcpip_socket by default (Greg Stark <gsstark@mit.edu>) |
| Ответы |
Re: enabling tcpip_socket by default
|
| Список | pgsql-hackers |
Greg Stark wrote: > > >>Ah! Of course. That makes sense, and listening on 127.0.0.1 never >>hurt anyone (except, of course, the tinfoil hat crowd nmapping >>localhost in a frenzy...) >> >> > >Actually on many systems it was very possible to send packets to a machine >with a source address of 127.0.0.1 even over external networks or through >routers. Making an attack out of this on a TCP service would be difficult, but >it has been done. > >Good OS distributions install network filters by default to refuse such >packets, but lots of OSes still don't do this. > > > But what we listen to relates to the destination address of the packets, not the source address ... cheers andrew
В списке pgsql-hackers по дате отправления: