Re: pg_hba.conf hostname todo
От | Joshua D. Drake |
---|---|
Тема | Re: pg_hba.conf hostname todo |
Дата | |
Msg-id | 1167256061.12075.55.camel@localhost.localdomain обсуждение исходный текст |
Ответ на | Re: pg_hba.conf hostname todo (Stephen Frost <sfrost@snowman.net>) |
Ответы |
Re: pg_hba.conf hostname todo
Re: pg_hba.conf hostname todo Re: pg_hba.conf hostname todo |
Список | pgsql-hackers |
On Wed, 2006-12-27 at 16:41 -0500, Stephen Frost wrote: > * Joshua D. Drake (jd@commandprompt.com) wrote: > > Allow pg_hba.conf to specify host names along with IP addresses > > Excellent. > > > Host name lookup could occur when the postmaster reads the pg_hba.conf > > file, or when the backend starts. Another solution would be to reverse > > lookup the connection IP and check that hostname against the host names > > in pg_hba.conf. We could also then check that the host name maps to the > > IP address. > > I'm inclined towards doing the reverse-DNS of the connecting IP and then > checking that the forward of that matches. Hmm what if it doesn't? Which is the case any many scenario. My thoughts are: If www.commandprompt.com is allowed, then the ip address 207.173.200.129 is allowed to connect. If we go the reverse way: 129.200.173.207.in-addr.arpa name = 129.commandprompt.com. Which really isn't that useful imo. > > > Allow one to specify a FQDN or a simple wild card DN. E.g; > > *.commandprompt.com. > > > > A valid entry would look like this: > > > > host all all *.commandprompt.com trust > > host all all www1.postgresql.org md5 > > > > Thoughts? > > While a wildcard does make sense (ie: www*.postgresql.org), I would > generally expect 'commandprompt.com' to mean '*.commandprompt.com' > implicitly. Hmm interesting. I wouldn't expect that. I might expect .commandprompt.com to mean *.commandprompt.com. But commandprompt.com I would expect only whatever the A record returns as commandprompt.com. One thing I don't want to do is create a bunch of different style syntaxes that are available :) Sincerely, Joshua D. Drake > > Thanks! > > Stephen -- === The PostgreSQL Company: Command Prompt, Inc. === Sales/Support: +1.503.667.4564 || 24x7/Emergency: +1.800.492.2240 Providing the most comprehensive PostgreSQL solutions since 1997 http://www.commandprompt.com/ Donate to the PostgreSQL Project: http://www.postgresql.org/about/donate
В списке pgsql-hackers по дате отправления: