| From: | Peter Eisentraut <peter_e(at)gmx(dot)net> |
|---|---|
| To: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
| Cc: | Robert Haas <robertmhaas(at)gmail(dot)com>, pgsql-hackers(at)postgresql(dot)org |
| Subject: | Re: Unfriendly handling of pg_hba SSL options with SSL off |
| Date: | 2011-04-25 18:50:28 |
| Message-ID: | 1303757428.5006.58.camel@vanquo.pezone.net |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On mån, 2011-04-25 at 14:18 -0400, Tom Lane wrote:
> In the particular case at hand, if someone is trying to use the same
> hostssl-containing pg_hba.conf across multiple systems, is it not
> reasonable to suppose that he should have SSL turned on in
> postgresql.conf on all those systems? If he doesn't, it's far more
> likely to be a configuration mistake that he'd appreciate being pointed
> out to him, instead of having to reverse-engineer why some of the
> systems aren't working like others.
I think, people use and configure PostgreSQL in all kinds of ways, so we
shouldn't assume what they might be thinking. Especially if an
artificial boundary has the single purpose of being "helpful". If
people want their configuration checked for "sanity" (by someone's
definition), there might be logging or debugging options in order for
that.
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Tom Lane | 2011-04-25 19:00:08 | Re: branching for 9.2devel |
| Previous Message | Greg Stark | 2011-04-25 18:43:22 | Re: branching for 9.2devel |