Tom Lane wrote:
> Stef Walter writes:
>> Tom Lane wrote:
>>> Now that the samehost/samenet patch is in, I wonder if it wouldn't be
>>> a good idea to replace this part of the default pg_hba.conf file:
>
>> You're probably not suggesting this,
n't going to send that
> traffic off-machine. So I think it will act as advertised.
But will it accept traffic from off machine? If so, then essentially the
only line of defense is the security of the TCP stack. Or am I missing
something?
Cheers,
Stef
--
Sent via pgsql-hackers ma
x27;.
Essentially that would be the same as rlogin rsh, where if the user can
spoof a TCP connection, he can connect to postgresql. Depending on the
platform, an interface may have to be down for this to work.
Cheers,
Stef
--
Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org)
t seems we could adopt this.
FWIW, there are checks for various bad netmasks. I incorporated these
techniques after seeing them in the corresponding postfix code.
BTW, there's also fallback code. If none of the methods work on a given
OS, then the ifaddrs code just lists 127.0.0.1/8 a
Dave Page wrote:
> On Mon, Sep 28, 2009 at 10:10 PM, Stef Walter
> wrote:
>
>> * Win32 using win_wsa2.dll
>
> I assume you mean ws2_32.dll?
Yes. I get dyslexic around windows DLLs. :)
Stef
--
Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org)
To
find it hard to
believe that anyone would have had more than 10K of addresses. However
for the sake of completeness attached is a patch with dynamically sized
buffers. This adds some code complexity, but maybe someone out there
would have run into this (extremely) edge case.
I believe this patch to be comp
Solaris, FreeBSD, Linux and Windows. As far as I can tell
this should also work on Mac OS, HPUX and AIX, and probably others.
* Added src/tools/ifaddrs/test_ifaddrs tool for testing interface
address code.
Cheers,
Stef
diff --git a/doc/src/sgml/client-auth.sgml b/doc/src/sgml/client-auth.sg
Robert Haas wrote:
>> Attached patch contains a fix.
>
> So is this one Ready for Committer?
Not yet. Two more things to do. Will work on them early next week:
* On Solaris the ioctl used only returns IPv4 addresses.
* Don't use hard coded buffers on win32 and ioct
Magnus Hagander wrote:
> On Mon, Sep 21, 2009 at 20:12, Stef Walter wrote:
> This patch does not build on Windows, the error is:
> ip.obj : error LNK2019: unresolved external symbol __imp__wsaio...@36
> referenced
> in function _pg_foreach_ifaddr
> ip.obj : error LNK2019: u
Tom Lane wrote:
> Stef Walter writes:
>> Allowing host names in pg_hba.conf would also solve this problem,
>> although the last person who tried to implement this it was a topic of
>> contention. I asked if I should focus on reverse DNS host names in
>> pg_hba.conf or p
ritten from scratch.
Good idea.
As far as I know postfix doesn't support win32. They use a similar
approach with using ioctls on some systems, getifaddrs on others.
I can take a look at the postfix code (src/util/inet_addr_local.c),
check out licenses, add win32 support and adapt it to postgres
Robert Haas wrote:
> On Wed, Sep 23, 2009 at 12:41 PM, Stef Walter
> wrote:
>> Currently people are adding 0.0.0.0 to a default pg_hba.conf file in
>> order to allow access from nearby machines, without running into the
>> maintenance problems of hard coding IP addresse
Magnus Hagander wrote:
> On Mon, Sep 21, 2009 at 20:12, Stef Walter wrote:
>
>
>
>> Updated in attached patch.
>
> This patch does not build on Windows, the error is:
> ip.obj : error LNK2019: unresolved external symbol __imp__wsaio...@36
> referenced
>
tion.
Done.
>> *** a/src/backend/libpq/pg_hba.conf.sample
>> --- b/src/backend/libpq/pg_hba.conf.sample
>> [...]
>>
>> + # You can also specify "samehost" to limit connections to those from
>> addresses
>> + # of the local machine. O
e can find there :(
I've checked AIX, Linux, BSD and Mac OS and NULL ifa_addr's are
documented in all of them.
Cheers,
Stef
diff --git a/configure.in b/configure.in
index e545a1f..b77ce2b 100644
*** a/configure.in
--- b/configure.in
*** AC_SUBST(OSSP_UUID_LIBS)
*** 969,975
Magnus Hagander wrote:
> On Wed, Aug 19, 2009 at 15:02, Stef Walter wrote:
>> Magnus Hagander wrote:
>>> On Wed, Aug 19, 2009 at 03:58, Stef Walter wrote:
>>>> Attached is a new patch, which I hope addresses all the concerns raised.
>>> I think you forgot to
Magnus Hagander wrote:
> On Wed, Aug 19, 2009 at 03:58, Stef Walter wrote:
>> Attached is a new patch, which I hope addresses all the concerns raised.
>
> I think you forgot to actually attach the patch
Whoops. Here it is.
Stef
diff --git a/configure.in b/configure.i
there someone I should ask to add my patch to
the commit fest? I hope I'm not being dense and missing something
obvious. :)
Cheers,
Stef
--
Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-hackers
Tom Lane wrote:
> Magnus Hagander writes:
>> On Fri, Aug 14, 2009 at 00:50, Stef Walter wrote:
>>> It would be great if, in the cidr-address field of pg_hba.conf, we could
>>> specify "samehost" and "samenet".
>
>> Seems like a reasonable
to be around to answer any questions that reviewers come up
> with :-)
Cool, I'll do that once we've worked out the kinks here. Is the right
way to go about it?
Cheers,
Stef
--
Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-hackers
mehost" and
"samenet". The patch looks more invasive than it really is, due to
necessary indentation change (ie: a if block), and moving some code into
a separate function.
Thanks for your time. How can I help get a feature like this into
postgresql?
Cheers,
Stef
diff -
ty if your rollback trigger fails ?
Ugh. Down that road I can see madness looming, however, this -is-
monday so ... :)
Regards
Stef
Jonah H. Harris wrote:
Daisuke,
A patch was done for replication hooks which implements
global database-level triggers for connection startup and shu
information in the first place, well, things are
going to start getting messy, and probably spiral outside of my control
:)
Regards and Thanks
Stef
pgpS2GmOnfQcM.pgp
Description: PGP signature
d
if it isnt there say 'not found' ?
so, either thats an error (improper parsing/expr
forming) in the pl/pgsql trigger code, or, well,
i dont know.
thoughts ? comments ? barking mad ?
Stef
---(end of broadcast)---
TIP 3: if posting/
coming back with a
'cross-database not allowed' (when i am trying
to do cross-schema :)
regards
Stef
---(end of broadcast)---
TIP 9: the planner will ignore your desire to choose an index scan if your
joining column's datatypes do not match
e wether or not
to attempt a schema resolution (history.table1) or database
resolution ([EMAIL PROTECTED]).
Please note, i am not asking for any sort of
'make cross-database work', merely asking if some sort
of 'clarification' between cross-database an
ry easily :)
Thanks and hope this makes some sort of sense :)
regards
Stef Telford <[EMAIL PROTECTED]>
---(end of broadcast)---
TIP 3: if posting/reading through Usenet, please send an appropriate
subscribe-nomail command t
27 matches
Mail list logo
