On Tue, 16 Dec 2003, scott.marlowe wrote:
> > > If you want to prevent "accidential" access, start postmaster on a
> > > non-standard port.
> >
> > That seems like an unfriendly thing to do. You'd have to check to see what
> > port is "standard" for this particular installation, and pick something
> > else. You may choose an unused port, but perhaps it needs to be used in a
> > few minutes by some other process, but then will be occupied. The
> > administrator may also not be happy to have an open port facing the world,
> > or even just other possibly untrusted users on the same machine, assuming
> > you bind to localhost.
>
> But aren't ports above a certain number "fair game"?
>
> Yep, just answered my own question, quoting from /etc/services:
>
> The latest IANA port assignments can be gotten from
> # http://www.iana.org/assignments/port-numbers
> # The Well Known Ports are those from 0 through 1023.
> # The Registered Ports are those from 1024 through 49151
> # The Dynamic and/or Private Ports are those from 49152 through 65535
>
> so as long as we use 49152 and above we're cool.
I guess that would work, though this objection remains:
> > The administrator may also not be happy to have an open port facing
> > the world, or even just other possibly untrusted users on the same
> > machine, assuming you bind to localhost.
If the PostgreSQL administrator and the system administrator were always
the same person, that would be less of a big deal since the sysadmin would
know what's going on (assuming s/he reads the docs).
Why not use a different UNIX socket in a directory not accessible to
others? That would be more secure.
Jon
