Andrew Dunstan wrote:
> How does this sound?
>
> . if -i/tcpip_socket is not set, then bind to localhost
> . if -i/tcpip_socket is set, and virtual_host is not set, behave as now
> (i.e. bind to all addresses)
> . if -i/tcpip_socket is set, and virtual_host is set, bind to all but
> immediately close connections where the local address is not either
> localhost or the virtual_host.
>
> That seems to me to get as close as reasonably possible to the Unix
> behaviour. I don't think that always allowing localhost connections on
> Windows is a big security risk.
>
> Also, what is the default connection mode of psql? It should probably be
> equivalent to "-h localhost", shouldn't it?
Now that is something I had not thought of. Seems we can assume a Win32
psql can never use unix domain sockets, so defaulting that to localhost
is a good solution too.
--
Bruce Momjian | http://candle.pha.pa.us
pgman@candle.pha.pa.us | (610) 359-1001
+ If your life is a hard drive, | 13 Roberts Road
+ Christ can be your backup. | Newtown Square, Pennsylvania 19073
