On Dec 23, 2007 12:20 PM, Bruce Momjian <[EMAIL PROTECTED]> wrote: > Gurjeet Singh wrote: > > On Dec 22, 2007 6:25 AM, Bruce Momjian <[EMAIL PROTECTED]> wrote: > > This way, if the attacker has control of even one interface (and > > optionally the local socket) that the clients are expected to connect to, > > the postmaster wouldn't start and the attacker won't have any traffic to > > peek into. > > Yes, that would fix the problem I mentioned but at that point the > attacker already has passwords so they can just connect themselves. > Having the server fail if it can't get one interface makes the server > less reliable.
It doesn't solve the spoofing attack problem, but isn't Gurjeet's idea a good one in any case? If the postmaster can't bind on one of the specified interfaces, then at the least, haven't you got got a serious configuration error the sysadmin would want to know about? Having postmaster fail seems like a sensible response. "I can't start with the configuration you've given me, so I won't start at all" is fairly normal behaviour for a server process, no? Regards, BJ ---------------------------(end of broadcast)--------------------------- TIP 9: In versions below 8.0, the planner will ignore your desire to choose an index scan if your joining column's datatypes do not match