> Tatsuo Ishii wrote:
>> Is there any security risk if we enable tcpip_socket by default? We
>> restrict connection from localhost only by default so I think enabling
>> tcpip_socket adds no security risk. Please correct me if I am wrong.
Bruce Momjian wrote:
> Right, and 7.5 will ship with tcp and localhost enabled.
If the default will be to listen on all interfaces, not just 127.0.0.1,
then this IS a security risk. And if that's not the plan, what good does
this change do? Any "real" use of tcp would still require a
configuration
change anyway.
Listening on public network interfaces by default would multiply by
orders of magnitude the number of machines vulnerable to potential
future remote exploits.
I gather that the pre-authentication code paths are pretty well known,
and that the chances of such an attack are slim. Nevertheless I cannot
help but note that it is exactly this default setting that caused
Microsoft SQL Server to lose a big, big chunk of its reputation, and
gain notoriety as a launchpad for Windows worms.
mk