Tom Lane wrote:
Now that the samehost/samenet patch is in, I wonder if it wouldn't be
a good idea to replace this part of the default pg_hba.conf file:
You're probably not suggesting this, but I would be against a default
setting of 'samehost' used with 'trust'.
Essentially that would be the
Tom Lane wrote:
Having looked at the code, I think that samehost is pretty safe. I'm
still worried about samenet picking up a bogusly broad netmask --- but
samehost hard-wires the netmask at all-ones. Even if your network
configuration is really screwed up, the kernel isn't going to send
Tom Lane wrote:
Stef Walter stef-l...@memberwebs.com writes:
Tom Lane wrote:
Now that the samehost/samenet patch is in, I wonder if it wouldn't be
a good idea to replace this part of the default pg_hba.conf file:
You're probably not suggesting this, but I would be against a default
setting
Tom Lane wrote:
I was just poking at this.
Thanks for trying it out.
It seems to need rather a lot of
editorialization (eg to fix the lack of consistency about whether
nonstandard headers have configure tests, or bother to make use of the
tests that did get added).
I've now added tests
Dave Page wrote:
On Mon, Sep 28, 2009 at 10:10 PM, Stef Walter stef-l...@memberwebs.com
wrote:
* Win32 using win_wsa2.dll
I assume you mean ws2_32.dll?
Yes. I get dyslexic around windows DLLs. :)
Stef
--
Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org)
To make
Robert Haas wrote:
So is this one Ready for Committer?
Here we go, I think this one is ready. In addition to previous patches,
it does:
* Use some techniques from postfix for getting interface addresses.
Couldn't use code outright, due to license incompatibilities.
* Tested on Solaris,
Whoops I missed this email...
Robert Haas wrote:
Rereading the thread, it seems that the main question is whether there
are any platforms that we support that have neither getifaddrs or
SIOCGIFCONF, or where they don't work properly.
As far as I can tell, there are no non-ancient mainstream
Robert Haas wrote:
Attached patch contains a fix.
So is this one Ready for Committer?
Not yet. Two more things to do. Will work on them early next week:
* On Solaris the ioctl used only returns IPv4 addresses.
* Don't use hard coded buffers on win32 and ioctl.
Cheers,
Stef
--
Sent
Magnus Hagander wrote:
On Mon, Sep 21, 2009 at 20:12, Stef Walter stef-l...@memberwebs.com wrote:
This patch does not build on Windows, the error is:
ip.obj : error LNK2019: unresolved external symbol __imp__wsaio...@36
referenced
in function _pg_foreach_ifaddr
ip.obj : error LNK2019
Magnus Hagander wrote:
On Mon, Sep 21, 2009 at 20:12, Stef Walter stef-l...@memberwebs.com wrote:
snip
Updated in attached patch.
This patch does not build on Windows, the error is:
ip.obj : error LNK2019: unresolved external symbol __imp__wsaio...@36
referenced
in function
Robert Haas wrote:
On Wed, Sep 23, 2009 at 12:41 PM, Stef Walter stef-l...@memberwebs.com
wrote:
Currently people are adding 0.0.0.0 to a default pg_hba.conf file in
order to allow access from nearby machines, without running into the
maintenance problems of hard coding IP addresses. However
Tom Lane wrote:
Mark Mielke m...@mark.mielke.cc writes:
Postfix has this capability and it works fine.
Hmm, have we looked at the Postfix code to see exactly how they do it?
I'd be a *lot* more comfortable adopting logic that's been proven in the
field than something written from scratch.
Tom Lane wrote:
Stef Walter stef-l...@memberwebs.com writes:
Allowing host names in pg_hba.conf would also solve this problem,
although the last person who tried to implement this it was a topic of
contention. I asked if I should focus on reverse DNS host names in
pg_hba.conf or portability
Thanks for your review!
Abhijit Menon-Sen wrote:
First, it needs to be reformatted to not use a space before the opening
parentheses in (some) function calls and definitions.
Fixed in the attached patch.
*** a/doc/src/sgml/client-auth.sgml
--- b/doc/src/sgml/client-auth.sgml
[...]
I'd
[Thanks for the heads up about the MessageID missing when posting this
previously. Was doing some mail filter development, and accidentally
left it in place... ]
Magnus Hagander wrote:
2009/8/25 Alvaro Herrera alvhe...@commandprompt.com:
Something to keep in mind -- my getifaddrs(3) manpage
Magnus Hagander wrote:
On Wed, Aug 19, 2009 at 15:02, Stef Walterstef-l...@memberwebs.com wrote:
Magnus Hagander wrote:
On Wed, Aug 19, 2009 at 03:58, Stef Walterstef-l...@memberwebs.com wrote:
Attached is a new patch, which I hope addresses all the concerns raised.
I think you forgot to
Magnus Hagander wrote:
On Wed, Aug 19, 2009 at 03:58, Stef Walterstef-l...@memberwebs.com wrote:
Attached is a new patch, which I hope addresses all the concerns raised.
I think you forgot to actually attach the patch
Whoops. Here it is.
Stef
diff --git a/configure.in b/configure.in
Attached is a new patch, which I hope addresses all the concerns raised.
Magnus Hagander wrote:
I've attached an initial patch which implements samehost and
samenet. The patch looks more invasive than it really is, due to
necessary indentation change (ie: a if block), and moving some code into
Magnus Hagander wrote:
A couple of comments on the patch:
Thanks I'll keep these in mind, as things progress and for future patches.
* In general, don't include configure in the patch. Just configure.in.
Makes it easier to read, and configure is normally built by the
committer anyway.
*
Tom Lane wrote:
Magnus Hagander mag...@hagander.net writes:
On Fri, Aug 14, 2009 at 00:50, Stef Walterstef-l...@memberwebs.com wrote:
It would be great if, in the cidr-address field of pg_hba.conf, we could
specify samehost and samenet.
Seems like a reasonable feature - especially the
I love using postgresql, and have for a long time. I'm involved with
almost a hundred postgresql installs. But this is the first time I've
gotten into the code.
Renumbering networks happens often, and will happen more frequently as
IPv4 space runs low. The IP based restrictions in pg_hba.conf is
21 matches
Mail list logo
