Tom Lane wrote: > Now that the samehost/samenet patch is in, I wonder if it wouldn't be > a good idea to replace this part of the default pg_hba.conf file:
You're probably not suggesting this, but I would be against a default setting of 'samehost' used with 'trust'. Essentially that would be the same as rlogin rsh, where if the user can spoof a TCP connection, he can connect to postgresql. Depending on the platform, an interface may have to be down for this to work. Cheers, Stef -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers
