On Wed, 8 Jan 2020 at 23:55, Vik Fearing <vik.fear...@2ndquadrant.com> wrote:
> On 08/01/2020 23:13, Peter Eisentraut wrote: > > On 2020-01-06 17:03, Tom Lane wrote: > >> So it's not clear to me whether we have any meeting of the minds > >> on wanting this patch. > > > > This fairly far-ranging syntax reorganization of pg_hba.conf doesn't > > appeal to me. pg_hba.conf is complicated enough conceptually for > > users, but AFAICT nobody ever complained about the syntax or the > > lexical structure specifically. Assigning meaning to randomly chosen > > special characters, moreover in a security-relevant file, seems like > > the wrong way to go. > > > > Moreover, this thread has morphed from what it says in the subject > > line to changing the syntax of pg_hba.conf in a somewhat fundamental > > way. So at the very least someone should post a comprehensive summary > > of what is being proposed, instead of just attaching patches that > > implement whatever was discussed across the thread. > > > > What is being proposed is what is in the Subject and the original > patch. The other patch is because Tom didn't like "the continuing creep > of pseudo-reserved database and user names" so I wrote a patch to mark > such reserved names and rebased my original patch on top of it. Only > the docs changed in the rebase. The original patch (or its rebase) is > what I am interested in. > Hopefully there will be no danger of me gaining access if I have a crafted rolename? postgres=# create role "&backdoor"; CREATE ROLE -- Simon Riggs http://www.2ndQuadrant.com/ <http://www.2ndquadrant.com/> PostgreSQL Solutions for the Enterprise