Alvaro Herrera <alvhe...@commandprompt.com> writes: > Excerpts from Bruce Momjian's message of vie feb 24 19:19:10 -0300 2012: >> In looking over our authentication code, I noticed that we create the >> child process before we check any of the pg_hba.conf file. Now, I >> realize we can't do authentication in the postmaster because of possible >> delay, and checking the user name and database name filters is just work >> that is better done in the child, but checking the IP address might >> prevent unauthorized clients from causing excessive process creation on >> the server. I know we have listen_addresses, but that defaults to "*" >> on the click-through installers, and not everybody knows how to set up a >> firewall.
> Hm, one thing to keep in mind is that we allow hostnames there. It'd be > a pain to have postmaster hang while resolving names. Yes. This cure would be a lot worse than the disease. Bruce ought to remember that we intentionally moved all that logic *out* of the postmaster process, years ago, precisely because it was too hard to ensure that the postmaster wouldn't block and thus create DOS conditions of another sort. regards, tom lane -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers