Andrew Dunstan wrote: > > This doesn't look consistent to me. Local addresses can be all > > addresses that the host's interfaces are currently configured with, > > loopback is nothing special in this sense. The admin can easily do > > 'ifconfig' to see all addresses configured and enter them into > > pg_hba.conf, because these addresses are obvious. > > > We currently have this in the default pg_hba.conf file: > > host all all 127.0.0.1 255.255.255.255 trust > > The idea was to have something which would perform equivalently on IP4 > only, IP4 over IP6 and pure IP6 connections, without breaking the > postmaster host in any of them. > > It is perfectly true that it could be mangled by the administrator - > this would save him/her having to do so for the default case. In my > proposal you would replace this default line with: > > loopback all all trust > > It's the fact that it is the default that makes it special. Does that > make things clearer?
We have avoided doing dns lookups from pg_hba.conf, and hence the use of 127.0.0.1 instead of localhost. Now that we cache pg_hba.conf, we could consider allowing hostnames in pg_hba.conf. Is that a TODO? As for the IPv6 issue --- how prevalent is this problem. What OS versions are affected? Has the user done something special to enable this? -- Bruce Momjian | http://candle.pha.pa.us [EMAIL PROTECTED] | (610) 359-1001 + If your life is a hard drive, | 13 Roberts Road + Christ can be your backup. | Newtown Square, Pennsylvania 19073 ---------------------------(end of broadcast)--------------------------- TIP 6: Have you searched our list archives? http://archives.postgresql.org
