Re: Pg_hba and dynamic dns

Поиск
Список
Период
Сортировка
От Hans Spaans
Тема Re: Pg_hba and dynamic dns
Дата
Msg-id 20030509002340.GA17686@sch01r01.nexit.nl
обсуждение исходный текст
Ответ на Pg_hba and dynamic dns  (Randall Perry <rgp@systame.com>)
Ответы Re: Pg_hba and dynamic dns  (Randall Perry <rgp@systame.com>)
Список pgsql-admin
On Thu, May 08, 2003 at 06:40:14PM -0400, Randall Perry wrote:
> I've discovered I can use URLs for an IP address in pg_hba.conf, and
> everything works ok if the host can be resolved.
>
> If it can't be resolved I get the error:
> psql: FATAL:  Missing or erroneous pg_hba.conf file, see postmaster log for
> details
>
> And then all tcp/ip is denied.
>
> That sucks -- means I can't use dynamic DNS. Anyone else think tcp/ip access
> shouldn't break if a URL can't be resolved?

IMHO support for fqdn should be removed.

1. FQDN's are mostly resolved when the configuration is being loaded.
So that data isn't going to change when the program is running or
would you like to do a dns query for every connection you get?

2. How are you going to handle forward and reversed dns? Think about
multiple A-records, fake or no reversed DNS, etc.

3. If fqdn is being checked when the db gets a connection people can
break in when you only check reversed dns.

4. Who is going to ensure me that dns isn't compromised somewhere down
the line?

This are just a few things, but I'm wondering.

--
Hans


В списке pgsql-admin по дате отправления:

Предыдущее
От: Tom Lane
Дата:
Сообщение: Re: SET STATISTICS value recorded where?
Следующее
От: Bruno Wolff III
Дата:
Сообщение: Re: Postgresql goes down need to restart (redhat postgresql service script) lock files removal avoid 2 postmasters