Re: Providing catalog view to pg_hba.conf file - Patch submission

Pavel,

* Pavel Stehule (pavel(dot)stehule(at)gmail(dot)com) wrote:
> 2015-02-27 22:26 GMT+01:00 Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>:
> > Stephen Frost <sfrost(at)snowman(dot)net> writes:
> > > Right, we also need a view (or function, or both) which provides what
> > > the *active* configuration of the running postmaster is. This is
> > > exactly what I was proposing (or what I was intending to, at least) with
> > > pg_hba_active, so, again, I think we're in agreement here.
> >
> > I think that's going to be a lot harder than you realize, and it will have
> > undesirable security implications, in that whatever you do to expose the
> > postmaster's internal state to backends will also make it visible to other
> > onlookers; not to mention probably adding new failure modes.
>
> we can do copy of pg_hba.conf somewhere when postmaster starts or when it
> is reloaded.

Please see my reply to Tom. There's no trivial way to reach into the
postmaster from a backend- but we do get a copy of whatever the
postmaster had when we forked, and the postmaster only reloads
pg_hba.conf on a sighup and that sighup is passed down to the children,
so we simply need to also reload the pg_hba.conf in the children when
they get a sighup.

That's how postgresql.conf is handled, which is what pg_settings is
based off of, and I believe is the behavior folks are really looking
for.

Thanks,

Stephen