Re: pg_hba.conf: samehost and samenet [REVIEW]

On Wed, Sep 23, 2009 at 12:41 PM, Stef Walter <stef-list@memberwebs.com> wrote:
> Currently people are adding 0.0.0.0 to a default pg_hba.conf file in
> order to allow access from nearby machines, without running into the
> maintenance problems of hard coding IP addresses. However using 0.0.0.0
> is clearly suboptimal from a security perspective.

If people aren't willing to take the time (5 minutes?) to create an
hba.conf file that implements a reasonable security policy, I'm not
sure anything we can do - and certainly not this - is going to help
very much.  I haven't really looked at this patch, but how confident
are we that this is actually portable?  It would be a shame to spend a
lot of time and energy troubleshooting portability problems with a
feature that - IMO - has a fairly marginal use case to begin with.
...Robert