Skip site navigation (1) Skip section navigation (2)

Re: Why don't we allow DNS names in pg_hba.conf?

From: <pmagnoli(at)systemevolution(dot)it>
To: elein <elein(at)varlena(dot)com>, "Tom Lane" <tgl(at)sss(dot)pgh(dot)pa(dot)us>
Cc: <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: Why don't we allow DNS names in pg_hba.conf?
Date: 2006-01-02 08:51:23
Message-ID: isgj9n.eymiw@mail.systemevolution.it (view raw or flat)
Thread:
Lists: pgsql-hackers
Yes, it would be good to implement this. A warning about security and
(possible) slow connections due to name resolution issues should be placed in
the docs.
Regards

paolo

elein <elein(at)varlena(dot)com> ha scritto

> I also support this change.  My clients have tended to move
> machines and networks around a lot as well as move databases from machine
> to machine.  It would be nice to let the network gurus concentrate
> on getting the dns servers up and correct and leverage that
> work instead of having to change pg_hba.conf when these changes
> occur.
> 
> elein
> elein(at)varlena(dot)com
> 
> On Sun, Jan 01, 2006 at 01:30:46PM -0500, Tom Lane wrote:
> > I was reminded of $subject by
> > http://archives.postgresql.org/pgsql-admin/2006-01/msg00002.php
> > 
> > While I haven't tried it, I suspect that allowing a DNS host name
> > would take little work (basically removing the AI_NUMERICHOST flag
> > passed to getaddrinfo in hba.c).  There was once a good reason not
> > to allow it: slow DNS lookups would lock up the postmaster.  But
> > now that we do this work in an already-forked backend, with an overall
> > timeout that would catch any indefinite blockage, I don't see a good
> > reason why we shouldn't let people use DNS names.
> > 
> > Thoughts?
> > 
> > 			regards, tom lane
> > 
> > ---------------------------(end of broadcast)---------------------------
> > TIP 9: In versions below 8.0, the planner will ignore your desire to
> >        choose an index scan if your joining column's datatypes do not
> >        match
> > 
> 
> ---------------------------(end of broadcast)---------------------------
> TIP 3: Have you checked our extensive FAQ?
> 
>                http://www.postgresql.org/docs/faq
> 




In response to

pgsql-hackers by date

Next:From: Magnus HaganderDate: 2006-01-02 08:52:58
Subject: Re: psql & readline & win32
Previous:From: Andrew DunstanDate: 2006-01-02 08:36:50
Subject: Re: psql & readline & win32

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group