Hacker News new | ask | show | jobs
by rst 4823 days ago
A firewall might be adequate; configuring postgres itself seems not to be. The vulnerable code is invoked before client authentication, so anyone who can make a tcp connection to the postmaster process can exploit the attack, even if their source IP would otherwise get them unconditionally bounced.
1 comments
fulafel 4823 days ago
you don't need a firewall as long as you don't turn on remote connections. that's the listen_address option.
link