[glom] Self hosting: Only allow attempts from localhost when not shared.



commit d050f6a0b5ea75c7f39798cc513b6e236182b9f2
Author: Murray Cumming <murrayc murrayc com>
Date:   Thu Oct 25 21:42:13 2012 +0200

    Self hosting: Only allow attempts from localhost when not shared.
    
            * glom/libglom/connectionpool_backends/postgres_self.cc:
    When the Glom system should not be shared on the network (the
    default for new files), do not even allow connection attempts
    from non-localhost. This also removes the use of the deprecated
    postgres -i option.

 ChangeLog                                          |   10 ++++++++++
 .../connectionpool_backends/postgres_self.cc       |    3 ++-
 2 files changed, 12 insertions(+), 1 deletions(-)
---
diff --git a/ChangeLog b/ChangeLog
index 99432f0..2062b09 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,15 @@
 2012-10-25  Murray Cumming  <murrayc murrayc com>
 
+        Self hosting: Only allow attempts from localhost when not shared.
+
+        * glom/libglom/connectionpool_backends/postgres_self.cc:
+	When the Glom system should not be shared on the network (the 
+	default for new files), do not even allow connection attempts
+	from non-localhost. This also removes the use of the deprecated 
+	postgres -i option.
+
+2012-10-25  Murray Cumming  <murrayc murrayc com>
+
         Self hosting: Avoid use of unix-domain sockets.
 
         * glom/libglom/connectionpool_backends/postgres_self.cc:
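Review bot: The added ChangeLog entry mixes indentation and carries trailing whitespace. Its summary line and file line are indented with spaces, like the existing "Avoid use of unix-domain sockets" entry below it, but the four description lines are indented with a tab, and the lines ending in "(the " and "deprecated " each end in a space. Indenting the description the same way as the rest of the entry and stripping the trailing spaces would keep the file consistent.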
diff --git a/glom/libglom/connectionpool_backends/postgres_self.cc b/glom/libglom/connectionpool_backends/postgres_self.cc
index ee4b1b0..2afb7f3 100644
--- a/glom/libglom/connectionpool_backends/postgres_self.cc
+++ b/glom/libglom/connectionpool_backends/postgres_self.cc
@@ -424,9 +424,10 @@ Backend::StartupErrors PostgresSelfHosted::startup(const SlotProgress& slot_prog
   const std::string dbdir_hba = Glib::build_filename(dbdir_config, "pg_hba.conf");
   const std::string dbdir_ident = Glib::build_filename(dbdir_config, "pg_ident.conf");
   const std::string dbdir_pid = Glib::build_filename(dbdir, "pid");
+  const std::string listen_address = (m_network_shared ? "*" : "localhost");
   const std::string command_postgres_start = get_path_to_postgres_executable("postgres") + " -D " + Glib::shell_quote(dbdir_data)
                                   + " -p " + port_as_text
-                                  + " -i " //Equivalent to -h "*", which in turn is equivalent to listen_addresses in postgresql.conf. Listen to all IP addresses, so any client can connect (with a username+password). TODO: -i is deprecated in favour of -h
+                                  + " -h " + listen_address
                                   + " -c hba_file=" + Glib::shell_quote(dbdir_hba)
                                   + " -c ident_file=" + Glib::shell_quote(dbdir_ident)
 
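Review bot: The new `+ " -h " + listen_address` line adds the address to the command string unquoted, while every other variable argument in this command (`dbdir_data`, `dbdir_hba`, `dbdir_ident`) goes through `Glib::shell_quote()`. In the shared case the value is a bare `*`, so if `command_postgres_start` is ever run through something that performs shell expansion (how it is executed is not visible in this hunk), the `*` could be expanded to filenames in the working directory and postgres would get unintended listen addresses. Suggest `+ " -h " + Glib::shell_quote(listen_address)`. Separately, the removed line had a comment explaining that listening on all addresses still requires a username and password; a short comment on the new `listen_address` line saying that the non-shared default binds to localhost only, and that `*` is used only when `m_network_shared` is set, would keep that intent documented.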


