Ron Chmara <ron@opus1.com> writes:
> running security off of names would be much slower, as each session had
> to waste time on name lookups rather than just mapping to the address.
Another note: Many programs which implement host-based ACLs seem to
just do a reverse lookup on the IP of the client. This is a very bad
idea (IMHO):
Let's say you're running a database that allows connections from
yourdomain.com, and I want to break in. If I control a nameserver
that's authoritative for my own IP address range, I can break in
simply by creating a PTR record for my machine which points to
"something.yourdomain.com."
The right way to implement host-based ACLs is to do a double lookup;
resolve the IP to a hostname, and then verify that the hostname
resolves back to the original IP.
With such a system in place in PostgreSQL, it might be more reasonable
to allow something like "%.accounting.mycompany.com" in an ACL.
Chris
--
---------------------------------------------------- cjones@rightnowtech.com
Chris Jones
System Administrator, Right Now Technologies, Inc.
"Is this going to be a stand-up programming session, sir, or another bug hunt?"
