reassign 318820 postgresql-common
found 318820 26
thanks

Hi Peter!

Peter Eisentraut [2005-09-26 10:45 +0200]:
> I want to add what the idea behind this setting is:
>
> The authentication checks in pg_hba.conf are done at a rather late stage of
> creating the connection. If the server accepts TCP connections from anyone
> on the Internet, it's trivial to DOS the PostgreSQL server. The current
> installation default in the Debian package is therefore a gaping security
> hole. The default setting is therefore to not make the database server
> visible on external interfaces. The comparison with Apache and SSH is flawed
> because those services are designed to operate on the open Internet whereas
> PostgreSQL is definitely not designed for that.

Oh, that's good to know. I just kept this since this has been the
default since woody. Well, but if upstream says it's not safe enough,
who am I to disagree...

Ok, I'll change the default in the next postgresql-common upload (I'm
glad that this does not require me to change three server package
versions any more :-) ). The new default will affect only new
clusters, though; I cannot and don't want to change already existing
ones.

Martin

-- 
Martin Pitt              http://www.piware.de
Ubuntu Developer   http://www.ubuntu.com
Debian Developer   http://www.debian.org

In a world without walls and fences, who needs Windows and Gates?
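Because the new default only affects new clusters, existing ones have to be checked by hand for the exposure Peter describes. The following is an added example, not part of the original mail or of postgresql-common: it assumes PostgreSQL 8.0 or later, where the `listen_addresses` parameter in postgresql.conf selects the interfaces the server binds to and defaults to `localhost`, and the sample configuration texts are constructed.

```python
import ipaddress
import re

# "listen_addresses = 'a, b'" ("=" is optional; names are case-insensitive).
_SETTING = re.compile(
    r"^\s*listen_addresses(?:\s*=\s*|\s+)(?:'([^']*)'|([^\s#]+))", re.I)

# Assumption: upstream built-in default used when no active line sets it.
BUILTIN_DEFAULT = "localhost"

# Constructed sample configurations, not taken from any real system.
SAMPLE_EXPOSED = """\
#listen_addresses = 'localhost'
listen_addresses = '*'    # all interfaces
port = 5432
"""
SAMPLE_LOCAL = "#listen_addresses = '*'\nport = 5432\n"
SAMPLE_MIXED = "listen_addresses = 'localhost, 192.0.2.10'\n"


def effective_listen_addresses(conf_text):
    """Addresses from the last active listen_addresses line (last one wins)."""
    value = BUILTIN_DEFAULT
    for line in conf_text.splitlines():
        m = _SETTING.match(line)  # lines starting with '#' never match
        if m:
            value = m.group(1) if m.group(1) is not None else m.group(2)
    return [a.strip() for a in value.split(",") if a.strip()]


def is_loopback(addr):
    """True only when the address is provably loopback."""
    if addr.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(addr).is_loopback
    except ValueError:
        return False  # '*' or a host name: treat as reachable from outside


def exposed_addresses(conf_text):
    """Listen addresses that make the server visible beyond loopback."""
    return [a for a in effective_listen_addresses(conf_text)
            if not is_loopback(a)]


if __name__ == "__main__":
    for name, conf in [("exposed", SAMPLE_EXPOSED), ("local", SAMPLE_LOCAL),
                       ("mixed", SAMPLE_MIXED)]:
        print(name, exposed_addresses(conf) or "loopback only")
```

An empty result means the cluster accepts TCP connections on loopback only (or not at all), so remote hosts never reach the connection setup that precedes the pg_hba.conf checks.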

