| From: | Robert Treat <xzilla(at)users(dot)sourceforge(dot)net> |
|---|---|
| To: | Richard Huxton <dev(at)archonet(dot)com> |
| Cc: | Fabien COELHO <coelho(at)cri(dot)ensmp(dot)fr>, PostgreSQL Developers <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: pg_hba.conf view from the database? |
| Date: | 2004-04-06 17:44:37 |
| Message-ID: | 1081273477.31785.81.camel@camel |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On Tue, 2004-04-06 at 08:23, Richard Huxton wrote:
> On Tuesday 06 April 2004 12:10, Fabien COELHO wrote:
> >
> > I'm thinking of allowing advices about incoherent or dangerous "host base
> > authentification" configurations. I would like to access pg_hba.conf
> > from within the database. However, I could not find any pg_catalog that
> > would fit my needs.
> >
> > - am I missing something? I'm afraid not, but "yes" would be good news;-)
>
> Not
>
> > - is it a design principle that this information is not available,
> > or just a lack of time and/or need up to know?
> > would it make sense to add such a view?
>
> I believe the thinking is that you want to check whether someone is allowed to
> connect to the database without having to connect to the database. If someone
> were to make bad connection attempts, they could easily run a denial of
> service against your DB (whether intentionally or just due to an application
> bug).
>
I think that's one of the reasons it is implemented in a .conf file
(check archives, it was just discussed again recently) but that doesn't
answer the question of "why isn't the pg_hba.conf viewable from inside
the database" ? Seems a valid question since we show postgresql.conf
info database side.
Robert Treat
--
Build A Brighter Lamp :: Linux Apache {middleware} PostgreSQL
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Bruce Momjian | 2004-04-06 18:09:57 | Re: [HACKERS] logging statement levels |
| Previous Message | Josh Berkus | 2004-04-06 16:22:19 | Re: Function to kill backend |