Postgres: default binding to world
Postgres is currently configured to listen to 0.0.0.0. Binding to world (0.0.0.0) can be dangerous in cases where the hosting machine is exposed, and in general it indicates a non-minimal security posture which can cause other unexpected exposures.
Problem
In pg_hba.conf (adjust to your type of connection):
host all all 0.0.0.0/0 md5
Fix
In pg_hba.conf, bind to a specific range (adjust to your type of connection):
host all all 172.0.0.0/8 trust
Or if you have a specific address, bind it explicitly.
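An added example, not part of the original page: a small Python check that parses pg_hba.conf host rules and reports entries open to every address, very wide ranges, IPv4 ranges that extend beyond private or loopback space, and trust authentication. The sample file, the 65536-address threshold, the INTERNAL list and the finding labels are assumptions constructed for illustration.

```python
import ipaddress
# Constructed sample; lines 2 and 3 are the two rules shown on this page.
SAMPLE_HBA = """\
local   all  all                            peer
host    all  all  0.0.0.0/0                 md5
host    all  all  172.0.0.0/8               trust
host    app  app  10.1.2.3/32               scram-sha-256
hostssl all  all  ::/0                      scram-sha-256
host    all  all  192.168.0.0 255.255.0.0   md5
"""

HOST_TYPES = {"host", "hostssl", "hostnossl", "hostgssenc", "hostnogssenc"}
# Assumption: "internal" means RFC 1918 private space or loopback.
INTERNAL = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

def parse_rule(line):
    """Return (network, auth_method) for a host-type rule, else None."""
    f = line.split("#", 1)[0].split()  # drop comments, split on whitespace
    if len(f) < 5 or f[0] not in HOST_TYPES:
        return None
    if f[3] == "all":  # keyword that matches every client address
        return ipaddress.ip_network("0.0.0.0/0"), f[4]
    try:
        if "/" in f[3]:  # CIDR form: ADDRESS/PREFIX
            return ipaddress.ip_network(f[3], strict=False), f[4]
        # "IP MASK" form (IPv4): the netmask is a separate field
        return ipaddress.ip_network(f"{f[3]}/{f[4]}", strict=False), f[5]
    except (ValueError, IndexError):
        return None  # hostname, samehost, samenet: not evaluated here

def audit_hba(text, max_addresses=65536):
    """Return (line_number, finding) pairs for risky host rules."""
    findings = []
    for no, line in enumerate(text.splitlines(), 1):
        rule = parse_rule(line)
        if rule is None:
            continue
        net, method = rule
        if net.prefixlen == 0:
            findings.append((no, "world"))        # matches any client
        elif net.num_addresses > max_addresses:
            findings.append((no, "broad"))        # wider than the threshold
        if (net.version == 4 and net.prefixlen > 0
                and not any(net.subnet_of(p) for p in INTERNAL)):
            findings.append((no, "non-private"))  # reaches public IPv4 space
        if method == "trust":
            findings.append((no, "trust"))        # no password is checked
    return findings
```

Run against the sample, it also reports the 172.0.0.0/8 rule: that range is wider than the private 172.16.0.0/12 block, and trust accepts connections without a password. The listening address itself is set by listen_addresses in postgresql.conf, which this check does not read.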
See