Re: pg_hba.conf hostname todo

From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To: Stephen Frost <sfrost(at)snowman(dot)net>
Cc: "Joshua D(dot) Drake" <jd(at)commandprompt(dot)com>, pgsql-hackers(at)postgresql(dot)org
Subject: Re: pg_hba.conf hostname todo
Date: 2006-12-27 23:17:38
Message-ID: 25418.1167261458@sss.pgh.pa.us
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-hackers

Stephen Frost <sfrost(at)snowman(dot)net> writes:
> While a wildcard does make sense (ie: www*.postgresql.org), I would
> generally expect 'commandprompt.com' to mean '*.commandprompt.com'
> implicitly.

No, that would be a really bad idea. It's not unlikely that
commandprompt.com refers to a specific host. If you implicitly allow it
to match *.commandprompt.com then there's no way to specify "connections
from just this host, not the whole domain underneath it".

I'm not sure that DNS wildcards are appropriate at all, but if they are
we should definitely require them to be written as explicit wildcards,
not have that happen silently behind the DBA's back.

regards, tom lane

In response to

Browse pgsql-hackers by date

  From Date Subject
Next Message Tom Lane 2006-12-27 23:19:31 Re: [BUGS] BUG #2846: inconsistent and confusing handling of underflows,
Previous Message Simon Riggs 2006-12-27 23:12:43 Re: TupleDescs and refcounts and such, again