On Wed, 2010-03-24 at 19:49 +0900, Fujii Masao wrote: > On Wed, Mar 24, 2010 at 7:29 PM, Simon Riggs <si...@2ndquadrant.com> wrote: > > So we are allowing a database to be called "REPLICATION"? > > Yes. > > > Surely there > > are some significant problems in that case. How will access control to > > that database work in the pg_hba.conf? > > We can do that by enclosing the database field of pg_hba.conf in double > quotes as follows. > > TYPE DATABASE USER CIDR-ADDRESS METHOD > host "replication" foo 192.168.0.5 md5 > > In pg_hba.conf, double-quoted keyword like "all", "sameuser", "samerole" > or "replication" matches a database with that name.
So we might have a pg_hba.conf that looks like this TYPE DATABASE USER CIDR-ADDRESS METHOD host "replication" foo 192.168.0.5 md5 host replication foo 192.168.0.5 md5 Which looks pretty strange. I think we should change that, though if not we should at least document it. That probably tips the balance towards having the alternate wording: LOG: replication connection authorized: user=foo It also highlights another problem: it's possible to have database names that contain spaces. There are no double quotes around most of the things that get logged. So if we do CREATE DATABASE "oh my god"; will cause things like this to be logged without quotes LOG: connection authorized: user=foo database=oh my god -- Simon Riggs www.2ndQuadrant.com -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers
