All,
The company I work, DataSoft, for is doing a web based project
that uses Java and the JDBC driver for postgres. Aperently the
developers have told me that the JDBC requires the -i option on
postmaster. The only problem is this leves a visibility to the
outside world that we are using postmaster, or some other service.
Now we do have the pg_hba.conf configured to allow connections
from only that box it self, but you can never be two parinoid.
The patch that is attached adds a "-L" option to postmaster, which
tells postmaster to bind only to 127.0.0.1 or localhost. Now this
port is not exposed to the outside world, ie port scanners can't
detect it, and we can run our Java code with a little more comfort.
The patch is against the postgresql-7.0.2 source tree.
The patch was minimally test under Linux kernel 2.2.5 using
a RedHat 6.0 distribution.
The files effected are
postgresql-7.0.2/src/backend/libpq/pqcomm.c
postgresql-7.0.2/src/include/libpq/libpq.h
postgresql-7.0.2/src/backend/postmaster/postmaster.c
The patch just addes the -L option with a bool flag variable
BindLocalOnly to postmaster.c
Also the StreamServerPort function was modified to tha an extra
bool arguement which then if true causes the socket to be bound
to INADDR_LOOPBACK instead of INADDR_ANY.
The patch is just a tar.gz file that extracts over the postgresql-7.0.2
source tree.
If there are any issues pleas let me know.
Thanks,
John C. Quillan
john_quillan@datasoft.com
