be the same as rlogin rsh, where if the user can
spoof a TCP connection, he can connect to postgresql. Depending on the
platform, an interface may have to be down for this to work.
Cheers,
Stef
--
Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org)
To make changes to your subscription
that
traffic off-machine. So I think it will act as advertised.
But will it accept traffic from off machine? If so, then essentially the
only line of defense is the security of the TCP stack. Or am I missing
something?
Cheers,
Stef
--
Sent via pgsql-hackers mailing list (pgsql-hackers
Tom Lane wrote:
Stef Walter stef-l...@memberwebs.com writes:
Tom Lane wrote:
Now that the samehost/samenet patch is in, I wonder if it wouldn't be
a good idea to replace this part of the default pg_hba.conf file:
You're probably not suggesting this, but I would be against a default
setting
, there are checks for various bad netmasks. I incorporated these
techniques after seeing them in the corresponding postfix code.
BTW, there's also fallback code. If none of the methods work on a given
OS, then the ifaddrs code just lists 127.0.0.1/8 and ::1/128.
Cheers,
Stef
diff --git a/configure.in b
Dave Page wrote:
On Mon, Sep 28, 2009 at 10:10 PM, Stef Walter stef-l...@memberwebs.com
wrote:
* Win32 using win_wsa2.dll
I assume you mean ws2_32.dll?
Yes. I get dyslexic around windows DLLs. :)
Stef
--
Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org)
To make
, FreeBSD, Linux and Windows. As far as I can tell
this should also work on Mac OS, HPUX and AIX, and probably others.
* Added src/tools/ifaddrs/test_ifaddrs tool for testing interface
address code.
Cheers,
Stef
diff --git a/doc/src/sgml/client-auth.sgml b/doc/src/sgml/client-auth.sgml
index
. However
for the sake of completeness attached is a patch with dynamically sized
buffers. This adds some code complexity, but maybe someone out there
would have run into this (extremely) edge case.
I believe this patch to be complete, and am looking forward to review.
Cheers,
Stef
diff --git
Robert Haas wrote:
Attached patch contains a fix.
So is this one Ready for Committer?
Not yet. Two more things to do. Will work on them early next week:
* On Solaris the ioctl used only returns IPv4 addresses.
* Don't use hard coded buffers on win32 and ioctl.
Cheers,
Stef
--
Sent
Magnus Hagander wrote:
On Mon, Sep 21, 2009 at 20:12, Stef Walter stef-l...@memberwebs.com wrote:
This patch does not build on Windows, the error is:
ip.obj : error LNK2019: unresolved external symbol __imp__wsaio...@36
referenced
in function _pg_foreach_ifaddr
ip.obj : error LNK2019
Magnus Hagander wrote:
On Mon, Sep 21, 2009 at 20:12, Stef Walter stef-l...@memberwebs.com wrote:
snip
Updated in attached patch.
This patch does not build on Windows, the error is:
ip.obj : error LNK2019: unresolved external symbol __imp__wsaio...@36
referenced
in function
Robert Haas wrote:
On Wed, Sep 23, 2009 at 12:41 PM, Stef Walter stef-l...@memberwebs.com
wrote:
Currently people are adding 0.0.0.0 to a default pg_hba.conf file in
order to allow access from nearby machines, without running into the
maintenance problems of hard coding IP addresses. However
.
Good idea.
As far as I know postfix doesn't support win32. They use a similar
approach with using ioctls on some systems, getifaddrs on others.
I can take a look at the postfix code (src/util/inet_addr_local.c),
check out licenses, add win32 support and adapt it to postgres uses.
Cheers,
Stef
Tom Lane wrote:
Stef Walter stef-l...@memberwebs.com writes:
Allowing host names in pg_hba.conf would also solve this problem,
although the last person who tried to implement this it was a topic of
contention. I asked if I should focus on reverse DNS host names in
pg_hba.conf or portability
addresses
+ # of the local machine. Or you can specify samenet to limit connections
+ # to addresses on the subnets of the local network.
This should be reworded to match the documentation change suggested
above.
Done.
Cheers,
Stef
diff --git a/configure.in b/configure.in
index e545a1f
there :(
I've checked AIX, Linux, BSD and Mac OS and NULL ifa_addr's are
documented in all of them.
Cheers,
Stef
diff --git a/configure.in b/configure.in
index e545a1f..b77ce2b 100644
*** a/configure.in
--- b/configure.in
*** AC_SUBST(OSSP_UUID_LIBS)
*** 969,975
##
dnl sys/socket.h
Magnus Hagander wrote:
On Wed, Aug 19, 2009 at 15:02, Stef Walterstef-l...@memberwebs.com wrote:
Magnus Hagander wrote:
On Wed, Aug 19, 2009 at 03:58, Stef Walterstef-l...@memberwebs.com wrote:
Attached is a new patch, which I hope addresses all the concerns raised.
I think you forgot
Magnus Hagander wrote:
On Wed, Aug 19, 2009 at 03:58, Stef Walterstef-l...@memberwebs.com wrote:
Attached is a new patch, which I hope addresses all the concerns raised.
I think you forgot to actually attach the patch
Whoops. Here it is.
Stef
diff --git a/configure.in b/configure.in
questions that reviewers come up
with :-)
I need some sort of a login to add a patch to the commit fest. Is that
something I can get? Or is there someone I should ask to add my patch to
the commit fest? I hope I'm not being dense and missing something
obvious. :)
Cheers,
Stef
--
Sent via pgsql
do that once we've worked out the kinks here. Is the right
way to go about it?
Cheers,
Stef
--
Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-hackers
Tom Lane wrote:
Magnus Hagander mag...@hagander.net writes:
On Fri, Aug 14, 2009 at 00:50, Stef Walterstef-l...@memberwebs.com wrote:
It would be great if, in the cidr-address field of pg_hba.conf, we could
specify samehost and samenet.
Seems like a reasonable feature - especially
indentation change (ie: a if block), and moving some code into
a separate function.
Thanks for your time. How can I help get a feature like this into
postgresql?
Cheers,
Stef
diff --git a/configure b/configure
index 61b3c72..7bcfcec 100755
*** a/configure
--- b/configure
*** done
trigger fails ?
Ugh. Down that road I can see madness looming, however, this -is-
monday so ... :)
Regards
Stef
Jonah H. Harris wrote:
Daisuke,
A patch was done for replication hooks which implements
global database-level triggers for connection startup and shutdown, and
transaction begin
, well, things are
going to start getting messy, and probably spiral outside of my control
:)
Regards and Thanks
Stef
pgpS2GmOnfQcM.pgp
Description: PGP signature
resolution ([EMAIL PROTECTED]).
Please note, i am not asking for any sort of
'make cross-database work', merely asking if some sort
of 'clarification' between cross-database and cross-schema
would be beneficial.
Ideas ? Comments ?
regards
Stef
:)
regards
Stef
---(end of broadcast)---
TIP 9: the planner will ignore your desire to choose an index scan if your
joining column's datatypes do not match
an error (improper parsing/expr
forming) in the pl/pgsql trigger code, or, well,
i dont know.
thoughts ? comments ? barking mad ?
Stef
---(end of broadcast)---
TIP 3: if posting/reading through Usenet, please send an appropriate
subscribe-nomail
26 matches
Mail list logo
