|
Home > Archive > Pgadmin > September 2005 > Firewall locks Windows version
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
Firewall locks Windows version
|
|
| Stephen McConnell 2005-08-24, 7:25 am |
| I installed the Windows version of pgAdminIII. My plan is to use it to
administer a remote PostgreSQL instance on a Linux box on my network.
When I start it up, it hangs after Norton Internet Firewall notifies me
that pgAdminIII.exe is requesting a DNS server. If I turn off the
Firewall pgAdmin starts up. When I restart the Firewall, it hangs
again.
1) WHY is this program requesting access to a DNS server? It is not
mentioned in the FAQS or in ANY documentation that your progam requires
access to a DNS server.
2) WHY does the program HANG? Your exception handling should be better
than that, or your program should recognize that it has no access to a
DNS server and time out and escape from that condition .... NOT hang
indefinitely.
3) What is the solution to this OTHER than removing the Firewall?
Stephen McConnell
---------------------------(end of broadcast)---------------------------
TIP 1: if posting/reading through Usenet, please send an appropriate
subscribe-nomail command to majordomo@postgresql
.org so that your
message can get through to the mailing list cleanly
| |
| Dave Page 2005-08-24, 7:25 am |
|
> -----Original Message-----
> From: pgadmin-support-owner@postgresql.org
> [mailto:pgadmin-support-owner@postgresql.org] On Behalf Of
> Stephen McConnell
> Sent: 24 August 2005 03:02
> To: pgadmin-support@postgresql.org
> Subject: [pgadmin-support] Firewall locks Windows version
>
> I installed the Windows version of pgAdminIII. My plan is to use it to
> administer a remote PostgreSQL instance on a Linux box on my network.
>
> When I start it up, it hangs after Norton Internet Firewall
> notifies me
> that pgAdminIII.exe is requesting a DNS server. If I turn off the
> Firewall pgAdmin starts up. When I restart the Firewall, it hangs
> again.
>
> 1) WHY is this program requesting access to a DNS server? It is not
> mentioned in the FAQS or in ANY documentation that your
> progam requires
> access to a DNS server.
pgAdmin has to look up the address of the server you're trying to
connect to. It's not in the docs or any FAQs because it's such a basic
operation that almost every TCP/IP network program on the planet will
also do.
> 2) WHY does the program HANG? Your exception handling should
> be better
> than that, or your program should recognize that it has no access to a
> DNS server and time out and escape from that condition .... NOT hang
> indefinitely.
Functions like gethostbyname() are written by Microsoft, not us. If they
don't return, there's not much we can do. I suppose we could run every
system call in a different thread so we can abort if it doesn't return,
but that would bring a whole new meaning to the term 'bloatware' and
would probably mean we would still be writing the connect code.
> 3) What is the solution to this OTHER than removing the Firewall?
Configure a sensible firewall policy that allows pgAdmin to perform
lookups? If your firewall doesn't allow you to do this, throw it in the
bin and get a decent one.
Regards, Dave
---------------------------(end of broadcast)---------------------------
TIP 9: In versions below 8.0, the planner will ignore your desire to
choose an index scan if your joining column's datatypes do not
match
| |
| Stephen McConnell 2005-08-25, 3:37 am |
| Dave
"Functions like gethostbyname() are written by Microsoft, not us. If
they
don't return, there's not much we can do. I suppose we could run every
system call in a different thread so we can abort if it doesn't return,
but that would bring a whole new meaning to the term 'bloatware' and
would probably mean we would still be writing the connect code."
While you probably don't need to write a new thread for each and every
system call, PROFESSIONAL PROGRAMMING DISCIPLINE determines which
system calls could possibly hang a program and performs the appropriate
exception handling. Any other development process that writes a widely
distributed application to be used on a particular platform (Open
source or not) is hubris (very much like Microsoft, I'll admit).
"Configure a sensible firewall policy that allows pgAdmin to perform
lookups? If your firewall doesn't allow you to do this, throw it in the
bin and get a decent one."
I was wondering if you had a constructive solution, since the
organization I work in uses Norton Anti Virus and Internet Firewall as
a standard and I can't simply just "throw it in the bin." I hate
having to try to configure a new rule, have pgAdmin hang and then retry
a new rule.
Since, I don't need a DNS server (I'm using ip addresses rather than
names to access PostgreSQL on another server), maybe there could be an
option added that disables this "feature".
Steve McConnell
> -----Original Message-----
> From: pgadmin-support-owner ( at ) postgresql ( dot ) org
> [mailto:pgadmin-support-owner ( at ) postgresql ( dot ) org] On
Behalf Of
> Stephen McConnell
> Sent: 24 August 2005 03:02
> To: pgadmin-support ( at ) postgresql ( dot ) org
> Subject: [pgadmin-support] Firewall locks Windows version
>
> I installed the Windows version of pgAdminIII. My plan is to use it
to
> administer a remote PostgreSQL instance on a Linux box on my network.
>
> When I start it up, it hangs after Norton Internet Firewall
> notifies me
> that pgAdminIII.exe is requesting a DNS server. If I turn off the
> Firewall pgAdmin starts up. When I restart the Firewall, it hangs
> again.
>
> 1) WHY is this program requesting access to a DNS server? It is not
> mentioned in the FAQS or in ANY documentation that your
> progam requires
> access to a DNS server.
pgAdmin has to look up the address of the server you're trying to
connect to. It's not in the docs or any FAQs because it's such a basic
operation that almost every TCP/IP network program on the planet will
also do.
> 2) WHY does the program HANG? Your exception handling should
> be better
> than that, or your program should recognize that it has no access to
a
> DNS server and time out and escape from that condition .... NOT hang
> indefinitely.
Functions like gethostbyname() are written by Microsoft, not us. If
they
don't return, there's not much we can do. I suppose we could run every
system call in a different thread so we can abort if it doesn't return,
but that would bring a whole new meaning to the term 'bloatware' and
would probably mean we would still be writing the connect code.
> 3) What is the solution to this OTHER than removing the Firewall?
Configure a sensible firewall policy that allows pgAdmin to perform
lookups? If your firewall doesn't allow you to do this, throw it in the
bin and get a decent one.
Regards, Dave
---------------------------(end of broadcast)---------------------------
TIP 9: In versions below 8.0, the planner will ignore your desire to
choose an index scan if your joining column's datatypes do not
match
| |
| Tino Wildenhain 2005-08-25, 7:24 am |
| Stephen McConnell schrieb:
> Dave
>
> "Functions like gethostbyname() are written by Microsoft, not us. If
> they
> don't return, there's not much we can do. I suppose we could run every
> system call in a different thread so we can abort if it doesn't return,
> but that would bring a whole new meaning to the term 'bloatware' and
> would probably mean we would still be writing the connect code."
>
> While you probably don't need to write a new thread for each and every
> system call, PROFESSIONAL PROGRAMMING DISCIPLINE determines which
> system calls could possibly hang a program and performs the appropriate
> exception handling. Any other development process that writes a widely
> distributed application to be used on a particular platform (Open
> source or not) is hubris (very much like Microsoft, I'll admit).
"PROFESSIONNAL PROGRAMMING" is paid programming. So this is an
offer on sponsorship by you?
>
> "Configure a sensible firewall policy that allows pgAdmin to perform
> lookups? If your firewall doesn't allow you to do this, throw it in the
> bin and get a decent one."
>
> I was wondering if you had a constructive solution, since the
> organization I work in uses Norton Anti Virus and Internet Firewall as
> a standard and I can't simply just "throw it in the bin." I hate
> having to try to configure a new rule, have pgAdmin hang and then retry
> a new rule.
The Norton Anti Virus and foobar is probably the worst "security
solution" one can buy. Maybe your company should invest in a
consultant rather then believe in false security?
You dont believe? Scan securityfocus mailinglist for further details.
> Since, I don't need a DNS server (I'm using ip addresses rather than
> names to access PostgreSQL on another server), maybe there could be an
> option added that disables this "feature".
Why? You could as well add sensible configuration - which is the whole
point of having a firewall :-) Btw, the sources are open - you
can make and submit a patch if you dont like particular implementation :-)
You can even privately patch your copy in any way you like.
---------------------------(end of broadcast)---------------------------
TIP 3: Have you checked our extensive FAQ?
http://www.postgresql.org/docs/faq
| |
| Tino Wildenhain 2005-08-25, 9:24 am |
| Stephen McConnell schrieb:
> No Tino, PROFESSIONAL PROGRAMMING is an attitude. I've been
> programming since 1974, both Open Source AND Paid Programming. For the
> USAF, Private Industry and as an IBM Global Services Consultant and now
> on my own personal Open Source Project.
.... yada yada...
well well... there was no childish comment unless you started with the
professinal programming in all caps. You use crappy OS and extend it
with even crappier third party software and then moan when things
start to get nasty ;) Its not Daves fault that gethostbyname() on
windows uses DNS subroutine when it has to look up a simple IP
address. Its also not the fault of Dave you have a strange configured
"personal firewall". Its just not Daves business. The application
works fine in the environment it was written for. There was
a bugreport and a fix for using unix sockets - which was really an
improvement.
I dont think adding a regex routine just to find out a shortcut
for translating a literal string which means an IP-address
is worth the effort - think that "professional programmers"
take efficiency in account. And adding a bunch of code just
for very very rare use cases for a function which should be
provided by the OS is rarely effective.
I wonder if windows telnet implementation works differently. I really
doubt it.
I'm sorry if I stepped on your feet.
---------------------------(end of broadcast)---------------------------
TIP 2: Don't 'kill -9' the postmaster
| |
| Andreas Pflug 2005-08-25, 9:24 am |
| Tino Wildenhain wrote:
> improvement.
>
> I dont think adding a regex routine just to find out a shortcut
> for translating a literal string which means an IP-address
> is worth the effort - think that "professional programmers"
> take efficiency in account. And adding a bunch of code just
> for very very rare use cases for a function which should be
> provided by the OS is rarely effective.
This is the very single report of DNS lookup problems. Until we added
extended information to FAQs, we had complaints about interrupted
connections, caused by misconfigured firewalls. We won't change pgAdmins
behaviour to catch bad installations, but continue to concentrate on
_valuable_ coding. There's enough sensible stuff on the wish list.
Regards,
Andreas
---------------------------(end of broadcast)---------------------------
TIP 6: explain analyze is your friend
| |
| Tino Wildenhain 2005-08-25, 9:24 am |
| Andreas Pflug schrieb:
> Tino Wildenhain wrote:
>
>
>
> This is the very single report of DNS lookup problems. Until we added
> extended information to FAQs, we had complaints about interrupted
> connections, caused by misconfigured firewalls. We won't change pgAdmins
> behaviour to catch bad installations, but continue to concentrate on
> _valuable_ coding. There's enough sensible stuff on the wish list.
>
Ah, and btw. Skimming thru the code "read professinonalism" (we take
every hint seriously ;)) it appears libpq would be to blame for
calling gethostbyname(). This is even outside of Daves skope.
Regards
Tino
---------------------------(end of broadcast)---------------------------
TIP 5: don't forget to increase your free space map settings
| |
| Andreas Pflug 2005-08-25, 11:24 am |
| Tino Wildenhain wrote:
>
> Ah, and btw. Skimming thru the code "read professinonalism" (we take
> every hint seriously ;)) it appears libpq would be to blame for
> calling gethostbyname(). This is even outside of Daves skope.
Yup, this is pgsql-hackers stuff. Or even better billg@microsoft.com.
Please don't forget to post his answer here, we're curious :->
Regards,
Andreas
---------------------------(end of broadcast)---------------------------
TIP 4: Have you searched our list archives?
http://archives.postgresql.org
| |
| Art Fore 2005-09-01, 3:24 am |
| I have pgadminIII running on WinXP with no problems. I am using Computer
Associates EZfirewall and have the WinXP firewall turned off. I also
had norton firewall at one time, an it worked with it, but I had to turn
off the winxp firewall.
Art
Tino Wildenhain wrote:
> Stephen McConnell schrieb:
>
>
> ... yada yada...
>
>
> well well... there was no childish comment unless you started with the
> professinal programming in all caps. You use crappy OS and extend it
> with even crappier third party software and then moan when things
> start to get nasty ;) Its not Daves fault that gethostbyname() on
> windows uses DNS subroutine when it has to look up a simple IP
> address. Its also not the fault of Dave you have a strange configured
> "personal firewall". Its just not Daves business. The application
> works fine in the environment it was written for. There was
> a bugreport and a fix for using unix sockets - which was really an
> improvement.
>
> I dont think adding a regex routine just to find out a shortcut
> for translating a literal string which means an IP-address
> is worth the effort - think that "professional programmers"
> take efficiency in account. And adding a bunch of code just
> for very very rare use cases for a function which should be
> provided by the OS is rarely effective.
>
> I wonder if windows telnet implementation works differently. I really
> doubt it.
>
> I'm sorry if I stepped on your feet.
>
>
> ---------------------------(end of broadcast)---------------------------
> TIP 2: Don't 'kill -9' the postmaster
>
---------------------------(end of broadcast)---------------------------
TIP 6: explain analyze is your friend
|
|
|
|
|