Re: pg_hba.conf: samehost and samenet [REVIEW]

If looking for representation -

I consider the default pg_hba.conf to be problematic. Newbies start with
"trust" access, and then do silly things to open it up.

I would use samehost, and if samenet worked the same way it does for
Postfix, I would probably use samenet. This information can be pulled
from the operating system, and the requirement for it to be hard-coded
in pg_hba.conf is inconvenient at best, and problematic at worst. Yes,
renumbering requires some thought - but I prefer applications that do
the majority of this thought for me over applications that require me to
do mundane activities.

I would also use DNS in pg_hba.conf if it were available. I can see some
of the issues with this (should it be mapped to IP right away, or should
it be re-evaluated every time?), but ultimately the feature would be
useful, and would be widely used. Especially once we get to IPv6,
specification of the addresses will become a horrible chore, and
solutions which require the IPv6 address to be spelled out will be
painful to use.

Both of these are generally one time costs for me. They are a pain, but
most of us suck it up and swallow. It hasn't been on my list of itches
that I just have to scratch. Remember, though, that the majority of
PostgreSQL users are not represented on this list, and my pain here
might be acceptable, but a newbie will probably either turn away or do
something wrong. Better to give them a sensible configuration from the
start from, and allow the experts to specify IP addresses if that is
what they want to do.

Cheers,
mark

--
Mark Mielke<mark(at)mielke(dot)cc>