Tom Lane wrote:
> Stef Walter <stef-l...@memberwebs.com> writes:
>> Tom Lane wrote:
>>> Now that the samehost/samenet patch is in, I wonder if it wouldn't be
>>> a good idea to replace this part of the default pg_hba.conf file:
>
>> You're probably not suggesting this, but I would be against a default
>> setting of 'samehost' used with 'trust'.
>
>> Essentially that would be the same as rlogin rsh, where if the user can
>> spoof a TCP connection, he can connect to postgresql. Depending on the
>> platform, an interface may have to be down for this to work.
>
> Is there any actual risk here that we aren't taking already just by
> allowing 127.0.0.1?

Yes, RFC 1122 specifies that 127.0.0.0/8 must not appear outside of a
single host. Checks for this are implemented. For example in FreeBSD:

http://fxr.watson.org/fxr/source/netinet/ip_input.c#L440
http://fxr.watson.org/fxr/search?string=IN_LOOPBACK

Obviously I can't guarantee this for any given OS. However it does seem
like a pretty standard security feature of the IP stack.

In my opinion, adding samehost into the default pg_hba.conf with the
method set to md5 (attached patch) would be both usable and secure.

Cheers,

Stef

diff --git a/src/backend/libpq/pg_hba.conf.sample b/src/backend/libpq/pg_hba.conf.sample index cfcd246..ea83d4d 100644 *** a/src/backend/libpq/pg_hba.conf.sample --- b/src/backend/libpq/pg_hba.conf.sample *************** *** 75,77 **** --- 75,79 ---- host all all 127.0.0.1/32 @authmethod@ # IPv6 local connections: host all all ::1/128 @authmethod@ + # Host's IPv4 and IPv6 connections: + host all all samehost md5
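
Review bot: The added `samehost` line hard-codes `md5`, while the two existing `host` lines directly above it use the `@authmethod@` placeholder, so the sample file will now carry two independent authentication settings and the new line will not follow whatever method is substituted for the loopback entries. If that is deliberate (keeping `trust` from ever reaching the host's non-loopback addresses, as argued in the message), say so in the comment above the line so that someone tidying the file later does not "fix" it to `@authmethod@`. The comment `# Host's IPv4 and IPv6 connections:` is also easy to misread as "all connections to this host"; something like `# Connections from any of this host's own addresses:` would describe what `samehost` matches.
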
-- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org)
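
The concern raised in this thread, as an added example that is not part of the original message or of the PostgreSQL source: a small Python audit that flags `pg_hba.conf` `host` records granting `trust` to any address not confined to loopback, such as `samehost` or `samenet`. The sample file, the function names and the simplified field parsing are assumptions made for the illustration.

```python
import ipaddress
import shlex

# Constructed sample (not from the original post): the stock loopback
# entries plus samehost/samenet and a separate-netmask entry.
SAMPLE_HBA = """\
# TYPE  DATABASE  USER  ADDRESS  METHOD
local   all  all                 trust
host    all  all  127.0.0.1/32   trust
host    all  all  ::1/128        trust
host    all  all  samehost       trust
host    all  all  samehost       md5
host    all  all  samenet        trust
host    all  all  192.168.0.0  255.255.0.0  trust
"""

def is_ip(text):
    try:
        ipaddress.ip_address(text)
        return True
    except ValueError:
        return False

def loopback_only(spec):
    """True only when spec is an IP network wholly inside loopback space."""
    try:
        return ipaddress.ip_network(spec, strict=False).is_loopback
    except ValueError:
        return False  # samehost, samenet, all, or a host name

def audit(hba_text):
    """List (line, address) of host* records granting trust beyond loopback."""
    findings = []
    for lineno, line in enumerate(hba_text.splitlines(), 1):
        fields = shlex.split(line, comments=True)
        if len(fields) < 5 or not fields[0].startswith("host"):
            continue
        addr, method = fields[3], fields[4]
        # Older form: ADDRESS and NETMASK as two separate columns.
        if len(fields) > 5 and "/" not in addr and is_ip(fields[4]):
            addr, method = f"{addr}/{fields[4]}", fields[5]
        if method == "trust" and not loopback_only(addr):
            findings.append((lineno, addr))
    return findings

if __name__ == "__main__":
    for lineno, addr in audit(SAMPLE_HBA):
        print(f"line {lineno}: trust on non-loopback address {addr}")
```

Keyword and host-name addresses are treated as non-loopback on purpose, so a `trust` entry is reported unless its address can be shown to lie inside 127.0.0.0/8 or ::1.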