Re: Providing catalog view to pg_hba.conf file - Patch submission

On Thu, Jan 29, 2015 at 10:13 PM, Amit Kapila <amit(dot)kapila16(at)gmail(dot)com> wrote:
> I think the big problem you are mentioning can be resolved in
> a similar way as we have done for ALTER SYSTEM which is
> to have a separate file (.auto.conf) for settings done via
> ALTER SYSTEM command, do you see any major problem
> with that approach.

Yes. The contents of postgresql.conf are only mildly order-dependent.
If you put the same setting in more than once, it matters which one is
last. Apart from that, though, it doesn't really matter:
wal_keep_segments=10 means the same thing if it occurs before
max_connections=401 that it means after that. The same is not true of
pg_hba.conf, where the order matters a lot. This makes merging two
files together much less feasible, and much more confusing.

You are also a lot more likely to lock yourself out of the database by
adjusting pg_hba.conf. You can do that by modifying postgresql.conf,
say by putting an invalid combination of parameters in there or
getting it to request more semaphores or more RAM than the system can
accommodate or changing listen_addresses to 127.0.0.1, but there are
lots of things that you can do that carry no such risk. This is much
less true with pg_hba.conf. Even if I had a feature that would let me
modify pg_hba.conf remotely, I'm not sure I'd be brave enough to use
it.

Overall, this seems to me like a can of worms better left unopened.

--
Robert Haas
EnterpriseDB: http://www.enterprisedb.com
The Enterprise PostgreSQL Company