| From: | Stephen Frost <sfrost(at)snowman(dot)net> |
|---|---|
| To: | "Joshua D(dot) Drake" <jd(at)commandprompt(dot)com> |
| Cc: | pgsql-hackers(at)postgresql(dot)org |
| Subject: | Re: pg_hba.conf hostname todo |
| Date: | 2006-12-27 21:41:08 |
| Message-ID: | 20061227214108.GM24675@kenobi.snowman.net |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
* Joshua D. Drake (jd(at)commandprompt(dot)com) wrote:
> Allow pg_hba.conf to specify host names along with IP addresses
Excellent.
> Host name lookup could occur when the postmaster reads the pg_hba.conf
> file, or when the backend starts. Another solution would be to reverse
> lookup the connection IP and check that hostname against the host names
> in pg_hba.conf. We could also then check that the host name maps to the
> IP address.
I'm inclined towards doing the reverse-DNS of the connecting IP and then
checking that the forward of that matches.
> Allow one to specify a FQDN or a simple wild card DN. E.g;
> *.commandprompt.com.
>
> A valid entry would look like this:
>
> host all all *.commandprompt.com trust
> host all all www1.postgresql.org md5
>
> Thoughts?
While a wildcard does make sense (ie: www*.postgresql.org), I would
generally expect 'commandprompt.com' to mean '*.commandprompt.com'
implicitly.
Thanks!
Stephen
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Roman Kononov | 2006-12-27 21:43:49 | Re: [BUGS] BUG #2846: inconsistent and confusing handling of underflows, |
| Previous Message | David Fetter | 2006-12-27 21:38:41 | Re: Per-database search_path |