Could postgres offer at least a read-only view of the data in the interim? Ordering could be controlled by line number.
On Thu, March 30, 2006 10:14 am, Tom Lane wrote: > Andrew Dunstan <[EMAIL PROTECTED]> writes: > >> Tom Lane wrote: >> >>> If your pg_hba.conf looks like >>> host all all 0.0.0.0/32 md5 there's not much call to >>> update it >>> dynamically ... > >> There'll be a call to update it once - to 0.0.0.0/0 ;-) >> > > Doh ;-). Should make more effort to check my throwaway examples ... > > >> But it's not clear to me why a CONNECT right shouldn't encompass all >> the things that hba does, i.e. connect method, source address and auth >> method. > > Because that stuff doesn't fit into either the syntax of GRANT or the > system tables that store grant information. It's talking about concepts > that don't even exist in the SQL world (while users and databases > certainly do). > > Also, we know from experience that there's value in applying an ordered > set of tests in pg_hba.conf --- in particular, rules about "local" vs > "local net" vs "anywhere" connections are most easily expressed that > way. We would need some substitute rule or concept in order to do the same > work in GRANT, and I don't see what that would be. > > Recently in another thread someone was remarking about how ugly MySQL's > authentication methods are. I think that's in part because they have > chosen to wedge the client hostname into their concept of user. It > doesn't fit nicely. > > regards, tom lane > > ---------------------------(end of broadcast)--------------------------- > TIP 4: Have you searched our list archives? > > > http://archives.postgresql.org > > ---------------------------(end of broadcast)--------------------------- TIP 6: explain analyze is your friend
