In looking over our authentication code, I noticed that we create the child process before we check any of the pg_hba.conf file. Now, I realize we can't do authentication in the postmaster because of possible delay, and checking the user name and database name filters is just work that is better done in the child, but checking the IP address might prevent unauthorized clients from causing excessive process creation on the server. I know we have listen_addresses, but that defaults to "*" on the click-through installers, and not everybody knows how to set up a firewall.
Anyway, I just wanted to mention it in case there was something to be done here. -- Bruce Momjian <br...@momjian.us> http://momjian.us EnterpriseDB http://enterprisedb.com + It's impossible for everything to be true. + -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers
