From: Tino Wildenhain <tino(at)wildenhain(dot)de>
To: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
Cc: Andrew Dunstan <andrew(at)dunslane(dot)net>, Euler Taveira de Oliveira <eulerto(at)yahoo(dot)com(dot)br>, "Jim C(dot) Nasby" <jnasby(at)pervasive(dot)com>, Andreas Pflug <pgadmin(at)pse-consulting(dot)de>, "Marc G(dot) Fournier" <scrappy(at)postgresql(dot)org>, pgsql-hackers(at)postgresql(dot)org
Subject: Re: Why don't we allow DNS names in pg_hba.conf?
Date: 2006-01-03 18:21:33
Message-ID: 43BAC0AD.2070302@wildenhain.de
Lists: pgsql-hackers

Tom Lane wrote:
> Andrew Dunstan <andrew(at)dunslane(dot)net> writes:
>
>>One thing that bothers me slightly is that we would need to look up each
>>name (at least until we found a match) for each connection. If you had
>>lots of names in your pg_hba.conf that could be quite a hit.
>
>
> A possible answer to that is to *not* look up the names from
> pg_hba.conf, but instead restrict the feature to matching the
> reverse-DNS name of the client. This limits the cost to one lookup per
> connection instead of N (and it'd be essentially free if you have
> log_hostnames turned on, since we already do that lookup in that case).

Or alternatively (documented) scan and translate the names
only on restart or SIGHUP. This would limit the overhead
and changes to the config-file scanner only and would
at least enable symbolic names in the config files.
(Of course w/o any wildcards - that would be the drawback)
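
The three lookup strategies discussed in this message (a forward lookup of each configured name per connection, the reverse-DNS match, and translating names only at restart or SIGHUP), as an added example that is not part of the original message and is not PostgreSQL code. The resolver is a constructed in-memory stand-in for DNS, every name and address is made up, and `demo()` goes one step beyond the message by showing that a load-time table keeps the old address until the next reload.

```python
# Constructed stand-in for DNS so the example runs offline (not real records).
FORWARD = {"app1.example.com": {"192.0.2.10"}, "app2.example.com": {"192.0.2.11"}}
REVERSE = {"192.0.2.10": "app1.example.com", "192.0.2.11": "app2.example.com"}

class Resolver:
    """Counts lookups so the per-connection cost of each scheme is visible."""
    def __init__(self, forward, reverse):
        self.forward, self.reverse, self.lookups = forward, reverse, 0
    def addrs(self, name):
        self.lookups += 1
        return set(self.forward.get(name, ()))
    def name(self, ip):
        self.lookups += 1
        return self.reverse.get(ip)

def match_forward_per_connection(dns, hba_names, client_ip):
    """Resolve each configured name until one matches: up to N lookups."""
    for n in hba_names:
        if client_ip in dns.addrs(n):
            return n
    return None

def match_reverse(dns, hba_names, client_ip):
    """One reverse lookup of the client address, compared with the names.
    The answer comes from whoever controls the client's reverse zone."""
    n = dns.name(client_ip)
    return n if n in hba_names else None

class LoadTimeTable:
    """Translate names to addresses only at load time (restart or SIGHUP)."""
    def __init__(self, dns, hba_names):
        self.dns, self.names = dns, list(hba_names)
        self.reload()
    def reload(self):
        self.by_ip = {ip: n for n in self.names for ip in self.dns.addrs(n)}
    def match(self, client_ip):
        return self.by_ip.get(client_ip)   # no DNS traffic per connection

def demo():
    """Change a record after load; compare matches before and after reload."""
    dns = Resolver(dict(FORWARD), dict(REVERSE))
    table = LoadTimeTable(dns, list(FORWARD))
    dns.forward["app2.example.com"] = {"192.0.2.99"}   # record changes after load
    before = (table.match("192.0.2.11"), table.match("192.0.2.99"))
    table.reload()                                      # what a SIGHUP would trigger
    after = (table.match("192.0.2.11"), table.match("192.0.2.99"))
    return before, after
```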