Stephen Frost wrote:
* Andrew Dunstan ([EMAIL PROTECTED]) wrote:
Before we rehearse the discussion we had in June again, please review
it. It ended on these sensible words from Tom at
http://archives.postgresql.org/pgsql-hackers/2006-02/msg00550.php :
I'd have to disagree with this sentiment and agree with Gregory's
followup here:
http://archives.postgresql.org/pgsql-hackers/2006-02/msg00553.php
I don't know that there is a contradiction.
Frankly, any auth scheme based much on the client address or name is
suspect, in my view. Organisations like those he refers to can simply
put in a wildcard rule along with strong auth requirements and never
have to bother. This is not like having to specify what address a client
has to connect to.
Personally, I doubt there's any great use case for DNS names. Like Tom
says, if it involves much more that removing the AI_NUMERICHOST hint
then let's forget it.
Perhaps more to the point: let's do that and wait to see if the field
demand justifies expending lots of sweat on anything smarter. Given
that we've gone this long with only allowing numeric IPs in pg_hba.conf,
I suspect we'll find that few people really care.
I don't see that this argument really makes all that much sense- not
doing it properly and then waiting to see if people use it isn't exactly
how I'd go about finding out if people want it.
It depends on what you define as "properly".
If you want to include the use of wildcards, then you need a heck of a
lot more logic and processing. But we've hardly had people banging on
the doors demanding this.
cheers
andrew
---------------------------(end of broadcast)---------------------------
TIP 2: Don't 'kill -9' the postmaster
