Re: Resurrecting pg_upgrade - Mailing list pgsql-hackers

From Jon Jensen
Subject Re: Resurrecting pg_upgrade
Date
Msg-id Pine.LNX.4.58.0312162145020.1582@louche.swelter.net
Whole thread Raw
In response to Re: Resurrecting pg_upgrade  ("scott.marlowe" <scott.marlowe@ihs.com>)
List pgsql-hackers
On Tue, 16 Dec 2003, scott.marlowe wrote:

> > > If you want to prevent "accidential" access, start postmaster on a 
> > > non-standard port.
> > 
> > That seems like an unfriendly thing to do. You'd have to check to see what 
> > port is "standard" for this particular installation, and pick something 
> > else. You may choose an unused port, but perhaps it needs to be used in a 
> > few minutes by some other process, but then will be occupied. The 
> > administrator may also not be happy to have an open port facing the world, 
> > or even just other possibly untrusted users on the same machine, assuming 
> > you bind to localhost.
> 
> But aren't ports above a certain number "fair game"?
> 
> Yep, just answered my own question, quoting from /etc/services:
> 
> The latest IANA port assignments can be gotten from
> #       http://www.iana.org/assignments/port-numbers
> # The Well Known Ports are those from 0 through 1023.
> # The Registered Ports are those from 1024 through 49151
> # The Dynamic and/or Private Ports are those from 49152 through 65535
> 
> so as long as we use 49152 and above we're cool.

I guess that would work, though this objection remains:

> > The administrator may also not be happy to have an open port facing
> > the world, or even just other possibly untrusted users on the same
> > machine, assuming you bind to localhost.

If the PostgreSQL administrator and the system administrator were always 
the same person, that would be less of a big deal since the sysadmin would 
know what's going on (assuming s/he reads the docs).

Why not use a different UNIX socket in a directory not accessible to
others? That would be more secure.

Jon


pgsql-hackers by date:

Previous
From: "scott.marlowe"
Date:
Subject: Re: Resurrecting pg_upgrade
Next
From: Alvaro Herrera
Date:
Subject: Re: [GENERAL][ADMIN]data fragmentation