Open mattcrdb opened 4 years ago
Thanks Matt for filing this. @aaron-crl I have pasted the pg algorithm in the issue desc at top, can you check that their security claim about the double DNS lookup is sound?
Just to understand context: Is this (1) something we want to do because pg does it already and we want to implement it as best we can, or do we want to (2) consider the wisdom of implementing this feature altogether?
To your direct question @knz : DNS isn't a terrible secure protocol (in spite of it's ubiquity). I don't feel that relying on reverse-forward DNS in this way is a good security feature as there are very practical (though constrained) attacks against this approach. If we follow the pg pattern we will be susceptible to those too.
DNS isn't a terrible secure protocol (in spite of it's ubiquity). I don't feel that relying on reverse-forward DNS in this way is a good security feature as there are very practical (though constrained) attacks against this approach. If we follow the pg pattern we will be susceptible to those too.
That's what I was fearing, thanks for confirming. We'll need to brainstorm the user stories that name-based filtering is enabling, and find replacements for those.
We have marked this issue as stale because it has been inactive for 18 months. If this issue is still relevant, removing the stale label or adding a comment will keep it active. Otherwise, we'll close it in 10 days to keep the issue queue tidy. Thank you for your contribution to CockroachDB!
CockroachDB's current HBA implementation only supports numeric CIDR specs for the client host filter column, or the
all
keyword.PostgreSQL supports also hostnames, as well as the keywords
samehost
andsamenet
.This issue is to also support hostnames in CockroachDB. Support for
samehost
andsamenet
can be considered in the PR to address this issue, but is not required.The PostgreSQL algorithm is a bit expensive, in order to remain secure:
cc @aaron-crl
Jira issue: CRDB-5112