I want to add what the idea behind this setting is: The authentication checks in pg_hba.conf are done at a rather late stage of creating the connection. If the server accepts TCP connections from anyone on the Internet, it's trivial to DOS the PostgreSQL server. The current installation default in the Debian package is therefore a gaping security hole. The default setting is therefore to not make the database server visible on external interfaces. The comparison with Apache and SSH is flawed because those services are designed to operate on the open Internet whereas PostgreSQL is definitely not designed for that.
-- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
