Home > mailing lists

Re: pg_hba.conf: samehost and samenet [REVIEW] - Mailing list pgsql-hackers

From	Andrew Dunstan
Subject	Re: pg_hba.conf: samehost and samenet [REVIEW]
Date	September 23, 2009 21:37:14
Msg-id	4ABA94FD.9030202@dunslane.net Whole thread Raw
In response to	Re: pg_hba.conf: samehost and samenet [REVIEW] (Tom Lane <tgl@sss.pgh.pa.us>)
Responses	Re: pg_hba.conf: samehost and samenet [REVIEW] Re: pg_hba.conf: samehost and samenet [REVIEW]
List	pgsql-hackers

Tree view

Tom Lane wrote:
> In this case what particularly scares me is the idea that 'samenet'
> might be interpreted to let in a larger subnet than the user expected,
> eg 10/8 instead of 10.0.0/24.  You'd likely not notice the problem until
> after you'd been broken into ...
>
>   

I haven't looked at this "feature" at all, but I'd be inclined, on the 
grounds you quite reasonably cite, to require a netmask with "samenet", 
rather than just ask the interface for its netmask.

cheers

andrew

pgsql-hackers by date:

From: Mark Mielke
Date: 23 September 2009, 21:36:43
Subject: Re: pg_hba.conf: samehost and samenet [REVIEW]

From: Tom Lane
Date: 23 September 2009, 21:40:49
Subject: Re: pg_hba.conf: samehost and samenet [REVIEW]

Re: pg_hba.conf: samehost and samenet [REVIEW] - Mailing list pgsql-hackers

Previous

Next