I agree. Security is a good reason to have the pg_bha.conf around. I guess
it would make the TODO item a bit harder to develop hence one has to read
and write the file to support the future SQL commands too. I also looked
at the code for a moment; perhaps using a yacc/lex mechanism would make
things easier to develop the TODO item. Like creating a simple parser for
the config file to be able to read and or update it.
Reagrds,
Gevik.
> On Thursday 06 April 2006 09:45, Gevik Babakhani wrote:
>> Hello Folks,
>>
>> This may be a dumb question but please bear a moment with me.
>> About the TODO item %Allow pg_hba.conf settings to be controlled via
>> SQL: If in the future we could configure the settings by SQL commands,
>> assuming the settings are saved in an internal table, what would be the
>> need for a pg_hba.conf file anymore. (except for the backward
>> compatibility of cource)
>>
>
> I've generally been keeping the idea around as a foot-gun saver for when
> people lock themselves out of the database via the sql commands; this
> could
> give them a fall back mechanism to do authentication without something
> more
> drastic.
>
> I think some people might also prefer the pg_hba.conf method as more
> secure,
> since it requires local access to modify, making remote exploits a wee bit
> harder (admin tools that provide this functionality not-withstanding)
>
> --
> Robert Treat
> Build A Brighter Lamp :: Linux Apache {middleware} PostgreSQL
>
>
---------------------------(end of broadcast)---------------------------
TIP 6: explain analyze is your friend
