Bruno Wolff III said:
> On Mon, May 17, 2004 at 18:00:48 -0400,
> Andrew Dunstan <andrew@dunslane.net> wrote:
>>
>> But what we listen to relates to the destination address of the
>> packets, not the source address ...
>
> There still is some small risk. If you OS doesn't reject packets
> destined for 127.*.*.* that don't come from the loopback interface, it
> is possible for someone on your local network to at least do a blind
> spoofing attack, possibly they might also be able to get replies back
> as well.
For some value of "small" approaching 0 :-) .
The default configuration will only allow localhost-localhost connections
(via the combination of the default listening_addresses value and the
default pg_hba.conf settings). So to spoof it successfully you would have
to be able to get the host to accept a nonlocal packet addressed to
localhost AND get it to route the reply addressed to localhost to your
nonlocal machine.
If you have such an insecure OS you should
- throw it in the bin and get another with a sane network stack, and
- in the meantime set listening_addresses to "" to turn of TCP altogether.
But then PostgreSQL is likely to be the least of your problems, I suspect.
Bear in mind that behaviour has not changed at all really, only *which*
behaviour is the default.
cheers
andrew