On Fri, Feb 24, 2012 at 07:27:06PM -0300, Alvaro Herrera wrote: > > Excerpts from Bruce Momjian's message of vie feb 24 19:19:10 -0300 2012: > > In looking over our authentication code, I noticed that we create the > > child process before we check any of the pg_hba.conf file. Now, I > > realize we can't do authentication in the postmaster because of possible > > delay, and checking the user name and database name filters is just work > > that is better done in the child, but checking the IP address might > > prevent unauthorized clients from causing excessive process creation on > > the server. I know we have listen_addresses, but that defaults to "*" > > on the click-through installers, and not everybody knows how to set up a > > firewall. > > Hm, one thing to keep in mind is that we allow hostnames there. It'd be > a pain to have postmaster hang while resolving names.
Yes, we would still need to recheck the filter in the child because of username/dbname limits, but your point is very valid --- any use of hostnames in pg_hba.conf would prevent us from doing IP checks. -- Bruce Momjian <br...@momjian.us> http://momjian.us EnterpriseDB http://enterprisedb.com + It's impossible for everything to be true. + -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers
