search

limads / queries

Queries is a workbench to interact with relational databases, with initial support for Postgres.
GNU General Public License v3.0
50 stars 3 forks source link

Overly restrictive connection settings #6

Open almereyda opened 1 year ago

almereyda commented 1 year ago

As much as I appreciate the restrictions in connecting to localhost databases, I had some difficulties in finding the correct combination of allowed settings. For the localhost alias may translate to an IPv4 or IPv6 address, depending on the availability of network addresses in the local nss, and could also very well be something different other than 127.0.0.1 or localhost.

For example, the valid loopback address 127.0.10.10 is not recognised as part of the loopback interface, as defined in RFC 6890, and will require a secured connection to the database.

For IPv6, also the networks ::1/128 and fe80::/10 should be considered link-local addresses.

limads commented 1 year ago

You are right. The standard library provides the functions Ipv4::is_loopback and Ipv6::is_loopback that cover the cases you mentioned, this can be fixed for the next release.

almereyda commented 1 year ago

Is it considerable to also include the Private Adress Space as defined in RFC1918?

limads commented 1 year ago

Starting from version 1.5 (the last one), you should be able to disable TLS for private address hosts. Make sure you are using this last version, and set the TLS version to None at the security settings before connecting.

almereyda commented 1 year ago

This is very well received.