Impossible to bind to a specific IP address
Hi,
As far as I can tell from the documentaion, it is impossible to tell the
postmaster daemon to bind to just a single IP address - only to a
specific port on all IP addresses. This makes hardening the box
postgresql is running on impossible.
Is there a workaround to this? (other than trying to firewall off the
ports - the box needs to be protected from other boxes nearby - it is in
an insecure environment).
Regards,
Graham
--
-----------------------------------------
minfrin@sharp.fm "There's a moon
over Bourbon Street
tonight..."
Graham Leggett <minfrin@sharp.fm> writes:
As far as I can tell from the documentaion, it is impossible to tell the
postmaster daemon to bind to just a single IP address
Sure you can, assuming you're running a current release. See
VIRTUAL_HOST config parameter or equivalent -h commandline switch.
regards, tom lane
Hi,
As far as I can tell from the documentaion, it is impossible to tell the
postmaster daemon to bind to just a single IP address - only to a
specific port on all IP addresses. This makes hardening the box
postgresql is running on impossible.Is there a workaround to this? (other than trying to firewall off the
ports - the box needs to be protected from other boxes nearby - it is in
an insecure environment).
In 7.1.X you can bind to a specific IP. See postmaster -h flag. Not
sure about 7.0.X releases.
--
Bruce Momjian | http://candle.pha.pa.us
pgman@candle.pha.pa.us | (610) 853-3000
+ If your life is a hard drive, | 830 Blythe Avenue
+ Christ can be your backup. | Drexel Hill, Pennsylvania 19026