Re: Use "samehost" by default in pg_hba.conf?

From: Robert Haas
Subject: Re: Use "samehost" by default in pg_hba.conf?
Date:
Msg-id: 603c8f070910010847s7941c920y21e00a021f03cdcc@mail.gmail.com
In reply to: Re: Use "samehost" by default in pg_hba.conf?  (Tom Lane <tgl@sss.pgh.pa.us>)
List: pgsql-hackers
On Thu, Oct 1, 2009 at 11:35 AM, Tom Lane <tgl@sss.pgh.pa.us> wrote:
> Stef Walter <stef-list@memberwebs.com> writes:
>> Tom Lane wrote:
>>> Now that the samehost/samenet patch is in, I wonder if it wouldn't be
>>> a good idea to replace this part of the default pg_hba.conf file:
>
>> You're probably not suggesting this, but I would be against a default
>> setting of 'samehost' used with 'trust'.
>
>> Essentially that would be the same as rlogin rsh, where if the user can
>> spoof a TCP connection, he can connect to postgresql. Depending on the
>> platform, an interface may have to be down for this to work.
>
> Is there any actual risk here that we aren't taking already just by
> allowing 127.0.0.1?

I wouldn't bet that there isn't.  I don't really think there's any
need for our default configuration to be at the mercy of every half-
baked TCP/IP implementation out there.  A socket file in /tmp can't be
remotely hacked (well, not directly anyway); anything else is further
from a sure thing.

...Robert
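As an added illustration of the two configurations this message contrasts (not part of the thread, and not the pg_hba.conf that PostgreSQL actually ships): the weak rule accepts any TCP connection whose source address belongs to the host itself without credentials, so it is only as strong as the kernel's source-address handling, while the corrected rules keep passwordless access on the Unix-domain socket and require a password on loopback. The method names `peer` and `scram-sha-256` come from PostgreSQL releases later than this 2009 discussion (9.1 and 10 respectively); on a server of that era the equivalents were `ident` for local sockets and `md5` for passwords.

```conf
# pg_hba.conf -- added comparison, not from the thread or the shipped default.
# Column order per the PostgreSQL docs: TYPE  DATABASE  USER  ADDRESS  METHOD

# Weak: any TCP connection that appears to originate from one of this
# host's own addresses is let in with no credentials at all.  With "trust"
# the only check is the kernel's source-address handling, which is the
# rlogin/rsh-style spoofing concern raised in the thread.
host    all     all     samehost    trust

# Corrected: local Unix-domain socket connections are authenticated by the
# operating-system user (peer, PostgreSQL 9.1+; "ident" on older servers),
# and any TCP connection, loopback or otherwise, must present a password
# (scram-sha-256, PostgreSQL 10+; "md5" on older servers).
local   all     all                 peer
host    all     all     samehost    scram-sha-256
```

After editing, reload with `SELECT pg_reload_conf();` and, on PostgreSQL 10 or later, confirm which rules the server actually parsed with `SELECT line_number, type, address, auth_method, error FROM pg_hba_file_rules;` -- a non-null `error` column means the line was rejected and the previous rule set is still in effect.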


In the pgsql-hackers list, by date sent:

Previous
From: Bill Moran
Date:
Subject: Re: Limit allocated memory per session
Next
From: Tom Lane
Date:
Subject: Re: Limit allocated memory per session