Re: [HACKERS] ALTER SYSTEM for pg_hba.conf

2017-01-05 Thread Peter Eisentraut
On 1/5/17 11:56 AM, Stephen Frost wrote: > I've seen complaints about it and have seen people changing the > permissions to be root/root on the .auto.conf file to disallow 'regular' > superusers from doing ALTER SYSTEM. It's not exactly elegant but it's a > way to avoid the risk of someone

Re: [HACKERS] ALTER SYSTEM for pg_hba.conf

2017-01-05 Thread Euler Taveira
On 04-01-2017 17:30, Tom Lane wrote: > Simon Riggs writes: >> My next thought is ALTER SYSTEM support for pg_hba.conf, especially >> since that would make it easier to do a formal test of Haribabu's >> pg_hba view patch by adding each of the options one by one and then >>

Re: [HACKERS] ALTER SYSTEM for pg_hba.conf

2017-01-05 Thread Joe Conway
On 01/05/2017 08:27 AM, Robert Haas wrote:
> There's also the question of whether opening up the ability to do
> this sort of thing from the SQL level is a security hazard,

It unquestionably is.

> but we've already gone fairly far down the path of assuming that
> there's not a tremendous amount

Re: [HACKERS] ALTER SYSTEM for pg_hba.conf

2017-01-05 Thread Robert Haas
On Thu, Jan 5, 2017 at 12:28 PM, Stephen Frost wrote: > Generally speaking, an ALTER DATABASE is unlikely to make the cluster > fail to start. To be clear, I've only seen 1 or 2 cases and I'm not > sure if, in those cases, they even fully understood how much can be > changed

Re: [HACKERS] ALTER SYSTEM for pg_hba.conf

2017-01-05 Thread Stephen Frost
* Robert Haas (robertmh...@gmail.com) wrote: > On Thu, Jan 5, 2017 at 11:56 AM, Stephen Frost wrote: > >> One thing I'm kind of happy about is that, as far as I can see, there > >> hasn't been much backlash against the existing ALTER SYSTEM, either > >> from a security point

Re: [HACKERS] ALTER SYSTEM for pg_hba.conf

2017-01-05 Thread Robert Haas
On Thu, Jan 5, 2017 at 11:56 AM, Stephen Frost wrote: > Greetings, > > If we keep it to superusers then we aren't changing anything, from my > point of view at least. That does bring up the question of if it'd be > useful for a non-superuser to be able to control. I'm on the

Re: [HACKERS] ALTER SYSTEM for pg_hba.conf

2017-01-05 Thread Stephen Frost
Greetings, * Robert Haas (robertmh...@gmail.com) wrote: > On Wed, Jan 4, 2017 at 3:30 PM, Tom Lane wrote: > > Simon Riggs writes: > >> My next thought is ALTER SYSTEM support for pg_hba.conf, especially > >> since that would make it easier to do a

Re: [HACKERS] ALTER SYSTEM for pg_hba.conf

2017-01-05 Thread Robert Haas
On Wed, Jan 4, 2017 at 3:30 PM, Tom Lane wrote: > Simon Riggs writes: >> My next thought is ALTER SYSTEM support for pg_hba.conf, especially >> since that would make it easier to do a formal test of Haribabu's >> pg_hba view patch by adding each of the

Re: [HACKERS] ALTER SYSTEM for pg_hba.conf

2017-01-04 Thread Simon Riggs
On 4 January 2017 at 20:30, Tom Lane wrote: > Simon Riggs writes: >> My next thought is ALTER SYSTEM support for pg_hba.conf, especially >> since that would make it easier to do a formal test of Haribabu's >> pg_hba view patch by adding each of the

Re: [HACKERS] ALTER SYSTEM for pg_hba.conf

2017-01-04 Thread Tom Lane
Simon Riggs writes: > My next thought is ALTER SYSTEM support for pg_hba.conf, especially > since that would make it easier to do a formal test of Haribabu's > pg_hba view patch by adding each of the options one by one and then > juggling them. It's quite unclear from this