Bruce Momjian wrote:

Andrew Dunstan wrote:


We currently have this in the default pg_hba.conf file:

host all all 127.0.0.1 255.255.255.255 trust

The idea was to have something which would perform equivalently on IP4 only, IP4 over IP6 and pure IP6 connections, without breaking the postmaster host in any of them.

It is perfectly true that it could be mangled by the administrator - this would save him/her having to do so for the default case. In my proposal you would replace this default line with:

loopback all all trust

It's the fact that it is the default that makes it special. Does that make things clearer?



We have avoided doing DNS lookups from pg_hba.conf, and hence the use of 127.0.0.1 instead of localhost. Now that we cache pg_hba.conf, we could consider allowing hostnames in pg_hba.conf. Is that a TODO?

As for the IPv6 issue --- how prevalent is this problem? What OS
versions are affected? Has the user done something special to enable
this?



These are orthogonal issues. What I have suggested above would work purely at the address level, without any name lookup.

Systems (e.g. SUSE) are shipping with IP6 turned on by default - that's how this came up in the first place.

DNS lookups were discussed back in May, but there didn't seem to be a nice way to do it in conjunction with netmasks, so I didn't proceed with it after I did CIDR masks.

If someone can suggest good semantics and there is demand for it I can look at it again (or someone else can).

cheers

andrew
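
An added illustration, not part of the original message and not PostgreSQL's own matching code: an address-level comparison of the default `host` line quoted above with the proposed `loopback` record, evaluated for IPv4, IPv4-mapped IPv6 and pure IPv6 peers. The function names, the unwrapping of IPv4-mapped addresses and the sample peer list are assumptions of this example; the `loopback` record is the proposal from this thread, not shipped syntax.

```python
import ipaddress

# Rules as quoted in the thread: the current default line and the
# proposed replacement (a proposal, not existing pg_hba.conf syntax).
CURRENT_DEFAULT = "host all all 127.0.0.1 255.255.255.255 trust"
PROPOSED_DEFAULT = "loopback all all trust"

# Constructed sample peers: IPv4, IPv4-mapped IPv6, pure IPv6, non-local.
SAMPLE_PEERS = ["127.0.0.1", "::ffff:127.0.0.1", "::1", "192.0.2.10"]


def normalize(peer):
    """Parse the peer address, unwrapping IPv4-mapped IPv6 (assumption)."""
    addr = ipaddress.ip_address(peer)
    if addr.version == 6 and addr.ipv4_mapped is not None:
        return addr.ipv4_mapped
    return addr


def rule_matches(rule, peer):
    """Address-level match only: no name lookup; database/user are ignored."""
    fields = rule.split()
    addr = normalize(peer)
    if fields[0] == "loopback":
        # Proposed semantics: any loopback address, whatever the family.
        return addr.is_loopback
    if fields[0] == "host":
        # Address plus netmask, as in the current default line.
        net = ipaddress.ip_network(f"{fields[3]}/{fields[4]}")
        return addr.version == net.version and addr in net
    raise ValueError(f"unsupported record type: {fields[0]}")


def coverage(rule):
    """Map each sample peer to whether the rule would admit it."""
    return {peer: rule_matches(rule, peer) for peer in SAMPLE_PEERS}


if __name__ == "__main__":
    for rule in (CURRENT_DEFAULT, PROPOSED_DEFAULT):
        print(rule)
        for peer, ok in coverage(rule).items():
            print(f"  {peer:<18} {'match' if ok else 'no match'}")
```

The IPv4 address-and-mask line never matches `::1`, which is the gap on hosts that ship with IPv6 enabled; the family-independent record covers all three local cases while still rejecting the non-local peer.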


