On Fri, 24 Apr 2009, Michael Torrie wrote:
pg_hba.conf is used to determine who can *connect*.
But why is this needed at all? MySQL lets me control all of this
without ever having to touch the config file, which is kind of important
in a hosted environment where the MySQL server is shared among many
customers.
It could certainly be done differently, but that's the way it's been done.
It's a separation of authentication from authorization. All the
network-level connection concerns are done in that configuration file,
while all the post-connection questions about authorization are done in
the database schema itself.
You can make a change to pg_hba.conf and send a HUP signal to load it
without disrupting service.
Postgres's users are a little different from MySQL's. In MySQL they're
arbitrary login and access names. In Postgres they are system roles that
actually own objects -- if you try to delete one it will tell you that
that role still owns objects.
Jon
--
Jon Jensen
End Point Corporation
http://www.endpoint.com/
/*
PLUG: http://plug.org, #utah on irc.freenode.net
Unsubscribe: http://plug.org/mailman/options/plug
Don't fear the penguin.
*/
