Document the purpose of the GUC listen_addresses.

1 files changed, 9 insertions, 3 deletions

diff --git a/doc/src/sgml/config.sgml b/doc/src/sgml/config.sgml
index ee28bbb1079..ed7a0df7ca8 100644
--- a/doc/src/sgml/config.sgml
+++ b/doc/src/sgml/config.sgml
@@ -1,4 +1,4 @@
-<!-- $PostgreSQL: pgsql/doc/src/sgml/config.sgml,v 1.229 2009/09/22 23:43:37 tgl Exp $ -->
+<!-- $PostgreSQL: pgsql/doc/src/sgml/config.sgml,v 1.230 2009/10/03 23:10:47 momjian Exp $ -->
 
 <chapter Id="runtime-config">
   <title>Server Configuration</title>
@@ -329,8 +329,14 @@ SET ENABLE_SEQSCAN TO OFF;
          at all, in which case only Unix-domain sockets can be used to connect
          to it.
          The default value is <systemitem class="systemname">localhost</>,
-         which allows only local <quote>loopback</> connections to be made.
-         This parameter can only be set at server start.
+         which allows only local <quote>loopback</> connections to be
+         made.  While client authentication (<xref
+         linkend="client-authentication">) allows fine-grained control
+         over who can access the server, <varname>listen_addresses</varname>
+         controls which interfaces accept connection attempts, which
+         can help prevent repeated malicious connection requests on
+         insecure network interfaces.  This parameter can only be set
+         at server start.
        </para>
       </listitem>
      </varlistentry>