On Sat, Feb 25, 2012 at 00:45, Tom Lane <t...@sss.pgh.pa.us> wrote: > Alvaro Herrera <alvhe...@commandprompt.com> writes: >> Excerpts from Bruce Momjian's message of vie feb 24 19:19:10 -0300 2012: >>> In looking over our authentication code, I noticed that we create the >>> child process before we check any of the pg_hba.conf file. Now, I >>> realize we can't do authentication in the postmaster because of possible >>> delay, and checking the user name and database name filters is just work >>> that is better done in the child, but checking the IP address might >>> prevent unauthorized clients from causing excessive process creation on >>> the server. I know we have listen_addresses, but that defaults to "*" >>> on the click-through installers, and not everybody knows how to set up a >>> firewall. > >> Hm, one thing to keep in mind is that we allow hostnames there. It'd be >> a pain to have postmaster hang while resolving names. > > Yes. This cure would be a lot worse than the disease. Bruce ought to > remember that we intentionally moved all that logic *out* of the > postmaster process, years ago, precisely because it was too hard to > ensure that the postmaster wouldn't block and thus create DOS conditions > of another sort.
As long as the block would only look at the IP it would also be trivial - and more efficient - to do the same blocking in the firewall, either local host firewall rules or the network firewall depending on deployment... -- Magnus Hagander Me: http://www.hagander.net/ Work: http://www.redpill-linpro.com/ -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers
