Re: Use "samehost" by default in pg_hba.conf?
| От | Tom Lane |
|---|---|
| Тема | Re: Use "samehost" by default in pg_hba.conf? |
| Дата | |
| Msg-id | 10672.1254371775@sss.pgh.pa.us обсуждение |
| Ответ на | Re: Use "samehost" by default in pg_hba.conf? (Peter Eisentraut <peter_e@gmx.net>) |
| Ответы |
Re: Use "samehost" by default in pg_hba.conf?
|
| Список | pgsql-hackers |
Peter Eisentraut <peter_e@gmx.net> writes:
>> (Note that you would still need a non-default setting of
>> listen_addresses for "-h machine_name" to actually work.)
> Which makes this proposal kind of uninteresting.
Well, it's one less thing that has to be fixed for local connections
to work smoothly.
> Plus, with @authmethod@ being mostly "trust", how much faith do we have
> in samehost never giving any false positives?
Having looked at the code, I think that samehost is pretty safe. I'm
still worried about samenet picking up a bogusly broad netmask --- but
samehost hard-wires the netmask at all-ones. Even if your network
configuration is really screwed up, the kernel isn't going to send that
traffic off-machine. So I think it will act as advertised.
regards, tom lane
В списке pgsql-hackers по дате отправления: