On Wed, Sep 23, 2009 at 18:41, Stef Walter <stef-l...@memberwebs.com> wrote: > Magnus Hagander wrote: >> On Mon, Sep 21, 2009 at 20:12, Stef Walter <stef-l...@memberwebs.com> wrote: >> >> >> <snip> >>> Updated in attached patch. >> >> This patch does not build on Windows, the error is: >> ip.obj : error LNK2019: unresolved external symbol __imp__wsaio...@36 >> referenced >> in function _pg_foreach_ifaddr >> ip.obj : error LNK2019: unresolved external symbol __imp__wsasock...@24 >> referenc >> ed in function _pg_foreach_ifaddr >> .\Release\libpq\libpq.dll : fatal error LNK1120: 2 unresolved externals >> >> >> I don't have time to investigate this further right now, so if >> somebody else want to dig into why that is happening that would be >> helpful :) > > My windows VM is giving me problems, but I'll try look into it unless > someone else beats me to do it.
If you want a VM that works, look at: http://blog.hagander.net/archives/151-Testing-PostgreSQL-patches-on-Windows-using-Amazon-EC2.html If it's just the VM... :-) >> Also, one thought - with samenet we currently from what I can tell >> enumerate all interfaces. Not just those we bind to based on >> listen_addresses. Is that intentional, or should we restrict us to >> subnets reachable through the interfaces we're actually listening on? > > This would change the scope of the patch significantly. It seems that > adding that limitation is unnecessary. In my opinion, if stricter hba > security is required, and limiting to specific subnets are desired, > those subnets should be entered directly into the pg_hba.conf file. > > Currently people are adding 0.0.0.0 to a default pg_hba.conf file in > order to allow access from nearby machines, without running into the > maintenance problems of hard coding IP addresses. However using 0.0.0.0 > is clearly suboptimal from a security perspective. > > I've seen the samenet feature as a way to avoid the use of 0.0.0.0 in > these cases. > > Obviously people who would like stricter postgres security can configure > subnets manually, and would probably not be comfortable with 'automatic' > decisions being made about the subnets allowed. Agreed. In that case, I think we just need to make that clearer in the docs, so people don't make the mistake of thinking it means somehting other than what it does. -- Magnus Hagander Me: http://www.hagander.net/ Work: http://www.redpill-linpro.com/ -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers