Home > mailing lists

Re: Use "samehost" by default in pg_hba.conf? - Mailing list pgsql-hackers

From	Stef Walter
Subject	Re: Use "samehost" by default in pg_hba.conf?
Date	October 1, 2009 13:50:27
Msg-id	4AC4B38E.3090902@memberwebs.com Whole thread Raw
In response to	Re: Use "samehost" by default in pg_hba.conf? (Tom Lane <tgl@sss.pgh.pa.us>)
List	pgsql-hackers

Tree view

Tom Lane wrote:
> Having looked at the code, I think that samehost is pretty safe.  I'm
> still worried about samenet picking up a bogusly broad netmask --- but
> samehost hard-wires the netmask at all-ones.  Even if your network
> configuration is really screwed up, the kernel isn't going to send that
> traffic off-machine.  So I think it will act as advertised.

But will it accept traffic from off machine? If so, then essentially the
only line of defense is the security of the TCP stack. Or am I missing
something?

Cheers,

Stef

pgsql-hackers by date:

From: Stef Walter
Date: 01 October 2009, 13:48:05
Subject: Re: Use "samehost" by default in pg_hba.conf?

From: Magnus Hagander
Date: 01 October 2009, 13:54:51
Subject: Re: Rejecting weak passwords

Re: Use "samehost" by default in pg_hba.conf? - Mailing list pgsql-hackers

Previous

Next