Tom Lane wrote:
Andrew Dunstan [EMAIL PROTECTED] writes:
I did wonder if we should treate localhost as a bit special and not
rely on the resolver for it.
I don't think so; we went in the other direction in 7.4 for pgstats.
(It used to try to bind to 127.0.0.1 and now tries localhost.)
Andrew Dunstan [EMAIL PROTECTED] writes:
A small problem with it was reported to me a couple of days ago - user
had firewalled off all IP6 traffic. The stats collector happily bound
and connected to the socket, but all the packets fell in the bit bucket.
They found it quite hard to diagnose
Tom Lane wrote:
also, is it safe to
assume that a byte sent with send() is *immediately* ready to recv()?
If not presumably you could either sleep for a very small interval
before the recv or select on the socket for a very small interval. Half
a second should be ample, I would think.
Andrew, Tom:
This will be a really nice feature for those of us with PG servers that
participate in VPNs.Currently I'm blocking certain interfaces using
pg_hba.conf but would prefer a listen address instead.
Of course, the drawback to this is that confused DBAs will have their
pg_hba.conf
Josh Berkus wrote:
Andrew, Tom:
This will be a really nice feature for those of us with PG servers that
participate in VPNs.Currently I'm blocking certain interfaces using
pg_hba.conf but would prefer a listen address instead.
Of course, the drawback to this is that confused DBAs
Josh Berkus [EMAIL PROTECTED] writes:
Might I suggest that this default to 127.0.0.1 in postgresql.conf.sample?
No, the default should be localhost. Your thinking is too
IPv4-centric.
regards, tom lane
---(end of
Tom,
No, the default should be localhost. Your thinking is too
IPv4-centric.
Good point. My clients are all years away from implementing Ipv6, so I tend
to forget about it.
--
-Josh Berkus
Aglio Database Solutions
San Francisco
---(end of
I wrote:
Josh Berkus wrote:
If I had time, I would also love to see setting the password for the
postgres user become part of the initdb script. However, I can see
that this wouldn't work with packages.
Orthogonal problem.
BTW, initdb is no longer a script - some idiot rewrote it in C
Idiot is such a strong word, don't you think?
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Andrew Dunstan
Sent: Tuesday, March 16, 2004 7:26 AM
To: Postgresql Hackers
Subject: Re: [HACKERS] listening addresses
I wrote:
Josh Berkus wrote:
If I had
Andrew Dunstan [EMAIL PROTECTED] writes:
The intention is to make localhost the default. That should translate
to 127.0.0.1 and ::1 (if they have ipv6 on). Of course, if they have a
broken resolver things might get sticky, but that is true now anyway.
Just to be clear: right now, if
Tom Lane wrote:
Andrew Dunstan [EMAIL PROTECTED] writes:
The intention is to make localhost the default. That should translate
to 127.0.0.1 and ::1 (if they have ipv6 on). Of course, if they have a
broken resolver things might get sticky, but that is true now anyway.
Just to be clear:
Andrew Dunstan [EMAIL PROTECTED] writes:
I did wonder if we should treate localhost as a bit special and not
rely on the resolver for it.
I don't think so; we went in the other direction in 7.4 for pgstats.
(It used to try to bind to 127.0.0.1 and now tries localhost.)
So far I've not seen any
Tom Lane wrote:
Josh Berkus [EMAIL PROTECTED] writes:
Might I suggest that this default to 127.0.0.1 in postgresql.conf.sample?
No, the default should be localhost. Your thinking is too
IPv4-centric.
FYI, once we default to listening on localhost, we need to warn folks
who are using
Bruce Momjian [EMAIL PROTECTED] writes:
FYI, once we default to listening on localhost, we need to warn folks
who are using socket permission to control access that they have to turn
off localhost. That needs to be mentioned in the release notes, and in
the SGML docs that talk about socket
Tom Lane wrote:
Bruce Momjian [EMAIL PROTECTED] writes:
FYI, once we default to listening on localhost, we need to warn folks
who are using socket permission to control access that they have to turn
off localhost. That needs to be mentioned in the release notes, and in
the SGML docs that
[removing to hackers as it is of general interest]
Tom Lane wrote:
Andrew Dunstan wrote:
That seems to me to get as close as reasonably possible to the Unix
behaviour. I don't think that always allowing localhost connections on
Windows is a big security risk.
Is it a big security
Andrew Dunstan [EMAIL PROTECTED] writes:
This slipped off my radar. I have just spent a little while thinking
about it. How about this: we replace tcpip_socket and virtual_host with
a new var called listen_addresses, which can have values of local,
all, or a list of addresses? The default
17 matches
Mail list logo