TCP Wrappers

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
5 messages Options
Reply | Threaded
Open this post in threaded view
|

TCP Wrappers

Timmy Siu
Dear all postgresql developers,

I have tested postgres v11 against TCP Wrappers but it does not respond
to TCP wrappers port blocking.

May I suggest the community to have postgres to work with TCP wrappers.??
Its security will be better.


Regards,
Timmy




Reply | Threaded
Open this post in threaded view
|

Re: TCP Wrappers

Steve Crawford

On Wed, Oct 9, 2019 at 12:56 PM Timmy Siu <[hidden email]> wrote:
Dear all postgresql developers,

I have tested postgres v11 against TCP Wrappers but it does not respond
to TCP wrappers port blocking.

May I suggest the community to have postgres to work with TCP wrappers.??
Its security will be better.


The last stable release of TCP Wrappers was a couple decades ago. It's deprecated in RHEL7 and removed in RHEL8.  I'm not a PG core member or anything but rather doubt that's an area where the developers will want to expend effort.

Cheers,
Steve

Reply | Threaded
Open this post in threaded view
|

Re: TCP Wrappers

Lou Picciano
Yeah, why bother. Even ’native’ encryption/SSL in PG (were one to use it ‘natively’, as we do) is so good; adding yet another layer seems overkill…

Lou Picciano

On Oct 9, 2019, at 6:39 PM, Steve Crawford <[hidden email]> wrote:


On Wed, Oct 9, 2019 at 12:56 PM Timmy Siu <[hidden email]> wrote:
Dear all postgresql developers,

I have tested postgres v11 against TCP Wrappers but it does not respond
to TCP wrappers port blocking.

May I suggest the community to have postgres to work with TCP wrappers.??
Its security will be better.


The last stable release of TCP Wrappers was a couple decades ago. It's deprecated in RHEL7 and removed in RHEL8.  I'm not a PG core member or anything but rather doubt that's an area where the developers will want to expend effort.

Cheers,
Steve


Reply | Threaded
Open this post in threaded view
|

Re: TCP Wrappers

Tom Lane-2
In reply to this post by Steve Crawford
Steve Crawford <[hidden email]> writes:
> On Wed, Oct 9, 2019 at 12:56 PM Timmy Siu <[hidden email]> wrote:
>> May I suggest the community to have postgres to work with TCP wrappers.??
>> Its security will be better.

> The last stable release of TCP Wrappers was a couple decades ago. It's
> deprecated in RHEL7 and removed in RHEL8.  I'm not a PG core member or
> anything but rather doubt that's an area where the developers will want to
> expend effort.

Yeah.  In a quick dig through the project archives, I can find exactly
one prior suggestion that we should do this, and that email is old
enough to drink:

https://www.postgresql.org/message-id/v0313030fb141b1665de9%40%5B137.78.218.94%5D

That doesn't bode well for the number of people who would use or care
about such a feature.

                        regards, tom lane


Reply | Threaded
Open this post in threaded view
|

Re: TCP Wrappers

Craig Ringer-3
On Thu, 10 Oct 2019 at 07:15, Tom Lane <[hidden email]> wrote:

That doesn't bode well for the number of people who would use or care
about such a feature.

Agreed.  tcp_wrappers predates the widespread availability of easy, effective software firewalls. Back when services listened on 0.0.0.0 and if you were lucky you had ipfwadm, tcp_wrappers made a lot of sense. Now it's IMO a pointless layer of additional complexity that no longer serves a purpose.


--
 Craig Ringer                   http://www.2ndQuadrant.com/
 2ndQuadrant - PostgreSQL Solutions for the Enterprise