Skip site navigation (1) Skip section navigation (2)

More robust pg_hba.conf parsing/error logging

From: Rafael Martinez <r(dot)m(dot)guerrero(at)usit(dot)uio(dot)no>
To: PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org>
Subject: More robust pg_hba.conf parsing/error logging
Date: 2009-09-09 13:45:59
Message-ID: 4AA7B197.70002@usit.uio.no (view raw or flat)
Thread:
Lists: pgsql-hackers
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hello

The origin of this petition is an error produced today by a user on one
of our systems. Because of this error many users lost access to their
databases.

Problem:
- --------
If you define in pg_hba.conf a database or a user value with 'ALL'
instead of 'all', you will lose access to *all* databases involved. The
reload process will not report anything about 'ALL' been an invalid
value and the new pg_hba.conf will be reloaded.

This is the only thing in the log file:
"LOG:  received SIGHUP, reloading configuration files"

Solution:
- ---------
Or change internally all uppercase to lowercase so users can define
values in pg_hba.conf with uppercase characters.

Or throw an error saying 'ALL' is not a valid value and *not* reload the
pg_hba.conf file. This is already done if you use uppercase when you
define connection type or authentication method.

regards,
- --
 Rafael Martinez, <r(dot)m(dot)guerrero(at)usit(dot)uio(dot)no>
 Center for Information Technology Services
 University of Oslo, Norway

 PGP Public Key: http://folk.uio.no/rafael/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.7 (GNU/Linux)

iD8DBQFKp7GVBhuKQurGihQRAhCZAJ9y5BhdWbrpJeW12g/rJ6yRfgubgACglYC3
wkG1cHESexmSZ48/Fc63vU4=
=a46y
-----END PGP SIGNATURE-----

Responses

pgsql-hackers by date

Next:From: Pavel StehuleDate: 2009-09-09 14:06:30
Subject: Re: RfD: more powerful "any" types
Previous:From: Tom LaneDate: 2009-09-09 13:39:49
Subject: Re: RfD: more powerful "any" types

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group