Stef Walter <stef-list@memberwebs.com> writes:
> Tom Lane wrote:
>> Now that the samehost/samenet patch is in, I wonder if it wouldn't be
>> a good idea to replace this part of the default pg_hba.conf file:
> You're probably not suggesting this, but I would be against a default
> setting of 'samehost' used with 'trust'.
> Essentially that would be the same as rlogin rsh, where if the user can
> spoof a TCP connection, he can connect to postgresql. Depending on the
> platform, an interface may have to be down for this to work.
Is there any actual risk here that we aren't taking already just by
allowing 127.0.0.1?
regards, tom lane