Andrew Dunstan wrote:
> > This doesn't look consistent to me. Local addresses can be all
> > addresses that the host's interfaces are currently configured with,
> > loopback is nothing special in this sense. The admin can easily do
> > 'ifconfig' to see all addresses configured and enter them into
> > pg_hba.conf, because these addresses are obvious.
>
>
> We currently have this in the default pg_hba.conf file:
>
> host all all 127.0.0.1 255.255.255.255 trust
>
> The idea was to have something which would perform equivalently on IP4
> only, IP4 over IP6 and pure IP6 connections, without breaking the
> postmaster host in any of them.
>
> It is perfectly true that it could be mangled by the administrator -
> this would save him/her having to do so for the default case. In my
> proposal you would replace this default line with:
>
> loopback all all trust
>
> It's the fact that it is the default that makes it special. Does that
> make things clearer?
We have avoided doing dns lookups from pg_hba.conf, and hence the use of
127.0.0.1 instead of localhost. Now that we cache pg_hba.conf, we could
consider allowing hostnames in pg_hba.conf. Is that a TODO?
As for the IPv6 issue --- how prevalent is this problem. What OS
versions are affected? Has the user done something special to enable
this?
-- Bruce Momjian | http://candle.pha.pa.us pgman@candle.pha.pa.us | (610)
359-1001+ If your life is a hard drive, | 13 Roberts Road + Christ can be your backup. | Newtown Square,
Pennsylvania19073
