> > Tatsuo Ishii wrote:
> >> Is there any security risk if we enable tcpip_socket by default? We
> >> restrict connection from localhost only by default so I think enabling
> >> tcpip_socket adds no security risk. Please correct me if I am wrong.
>
> Bruce Momjian wrote:
> > Right, and 7.5 will ship with tcp and localhost enabled.
>
> If the default will be to listen on all interfaces, not just 127.0.0.1,
> then this IS a security risk. And if that's not the plan, what good does
> this change do? Any "real" use of tcp would still require a
> configuration
> change anyway.
Consider a program using JDBC on localhost. It can only reach to
PostgreSQL via TCP/IP.
--
Tatsuo Ishii