Re: Checking pg_hba.conf in the child process
| От | Magnus Hagander |
|---|---|
| Тема | Re: Checking pg_hba.conf in the child process |
| Дата | |
| Msg-id | CABUevEzrzKmjKAs+8UUWywqobsP9rqSwnpszi1-6FxxGqZifpA@mail.gmail.com обсуждение исходный текст |
| Ответ на | Re: Checking pg_hba.conf in the child process (Tom Lane <tgl@sss.pgh.pa.us>) |
| Список | pgsql-hackers |
On Sat, Feb 25, 2012 at 00:45, Tom Lane <tgl@sss.pgh.pa.us> wrote: > Alvaro Herrera <alvherre@commandprompt.com> writes: >> Excerpts from Bruce Momjian's message of vie feb 24 19:19:10 -0300 2012: >>> In looking over our authentication code, I noticed that we create the >>> child process before we check any of the pg_hba.conf file. Now, I >>> realize we can't do authentication in the postmaster because of possible >>> delay, and checking the user name and database name filters is just work >>> that is better done in the child, but checking the IP address might >>> prevent unauthorized clients from causing excessive process creation on >>> the server. I know we have listen_addresses, but that defaults to "*" >>> on the click-through installers, and not everybody knows how to set up a >>> firewall. > >> Hm, one thing to keep in mind is that we allow hostnames there. It'd be >> a pain to have postmaster hang while resolving names. > > Yes. This cure would be a lot worse than the disease. Bruce ought to > remember that we intentionally moved all that logic *out* of the > postmaster process, years ago, precisely because it was too hard to > ensure that the postmaster wouldn't block and thus create DOS conditions > of another sort. As long as the block would only look at the IP it would also be trivial - and more efficient - to do the same blocking in the firewall, either local host firewall rules or the network firewall depending on deployment... -- Magnus Hagander Me: http://www.hagander.net/ Work: http://www.redpill-linpro.com/
В списке pgsql-hackers по дате отправления: