TCP Wrappers

Started by Timmy Siu over 6 years ago, 5 messages
#1 Timmy Siu
timmy.siu@aol.com

Dear all postgresql developers,

I have tested postgres v11 against TCP Wrappers but it does not respond
to TCP wrappers port blocking.

May I suggest the community to have postgres to work with TCP wrappers.??
Its security will be better.

Regards,
Timmy

#2 Steve Crawford
scrawford@pinpointresearch.com
In reply to: Timmy Siu (#1)
Re: TCP Wrappers

On Wed, Oct 9, 2019 at 12:56 PM Timmy Siu <timmy.siu@aol.com> wrote:

> Dear all postgresql developers,
>
> I have tested postgres v11 against TCP Wrappers but it does not respond
> to TCP wrappers port blocking.
>
> May I suggest the community to have postgres to work with TCP wrappers.??
> Its security will be better.

The last stable release of TCP Wrappers was a couple decades ago. It's
deprecated in RHEL7 and removed in RHEL8. I'm not a PG core member or
anything but rather doubt that's an area where the developers will want to
expend effort.

Cheers,
Steve

#3 Lou Picciano
LouPicciano@comcast.net
In reply to: Steve Crawford (#2)
Re: TCP Wrappers

Yeah, why bother. Even ‘native’ encryption/SSL in PG (were one to use it ‘natively’, as we do) is so good; adding yet another layer seems overkill…

Lou Picciano


On Oct 9, 2019, at 6:39 PM, Steve Crawford <scrawford@pinpointresearch.com> wrote:

> On Wed, Oct 9, 2019 at 12:56 PM Timmy Siu <timmy.siu@aol.com> wrote:
>> Dear all postgresql developers,
>>
>> I have tested postgres v11 against TCP Wrappers but it does not respond
>> to TCP wrappers port blocking.
>>
>> May I suggest the community to have postgres to work with TCP wrappers.??
>> Its security will be better.
>
> The last stable release of TCP Wrappers was a couple decades ago. It's deprecated in RHEL7 and removed in RHEL8. I'm not a PG core member or anything but rather doubt that's an area where the developers will want to expend effort.
>
> Cheers,
> Steve

#4 Tom Lane
tgl@sss.pgh.pa.us
In reply to: Steve Crawford (#2)
Re: TCP Wrappers

Steve Crawford <scrawford@pinpointresearch.com> writes:

> On Wed, Oct 9, 2019 at 12:56 PM Timmy Siu <timmy.siu@aol.com> wrote:
>
>> May I suggest the community to have postgres to work with TCP wrappers.??
>> Its security will be better.
>
> The last stable release of TCP Wrappers was a couple decades ago. It's
> deprecated in RHEL7 and removed in RHEL8. I'm not a PG core member or
> anything but rather doubt that's an area where the developers will want to
> expend effort.

Yeah. In a quick dig through the project archives, I can find exactly
one prior suggestion that we should do this, and that email is old
enough to drink:

/messages/by-id/v0313030fb141b1665de9@%5B137.78.218.94%5D

That doesn't bode well for the number of people who would use or care
about such a feature.

regards, tom lane

#5 Craig Ringer
craig@2ndquadrant.com
In reply to: Tom Lane (#4)
Re: TCP Wrappers

On Thu, 10 Oct 2019 at 07:15, Tom Lane <tgl@sss.pgh.pa.us> wrote:

> That doesn't bode well for the number of people who would use or care
> about such a feature.

Agreed. tcp_wrappers predates the widespread availability of easy,
effective software firewalls. Back when services listened on 0.0.0.0 and if
you were lucky you had ipfwadm, tcp_wrappers made a lot of sense. Now it's
IMO a pointless layer of additional complexity that no longer serves a
purpose.

--
Craig Ringer http://www.2ndQuadrant.com/
2ndQuadrant - PostgreSQL Solutions for the Enterprise