Skip site navigation (1) Skip section navigation (2)

Re: MySQL interview, no mention of PostgreSQL

From: Bruce Momjian <pgman(at)candle(dot)pha(dot)pa(dot)us>
To: Robert Treat <xzilla(at)users(dot)sourceforge(dot)net>
Cc: Neil Conway <neilc(at)samurai(dot)com>, Josh Berkus <josh(at)agliodbs(dot)com>,"Arcadius A(dot)" <ahouans(at)sh(dot)cvut(dot)cz>,PostgreSQL Advocacy <pgsql-advocacy(at)postgresql(dot)org>
Subject: Re: MySQL interview, no mention of PostgreSQL
Date: 2003-10-17 17:59:10
Message-ID: (view raw, whole thread or download thread mbox)
Lists: pgsql-advocacy
Robert Treat wrote:
> On Fri, 2003-10-17 at 07:23, Bruce Momjian wrote:
> > Neil Conway wrote:
> > > On Thu, 2003-10-16 at 12:54, Josh Berkus wrote:
> > > > While one could write  a utility in Postgres to create/process the file, the 
> > > > "live" version of pg_hba.conf *must* be outside the database.   If our ACL 
> > > > was in the database, then how would we know who has the rights to read the 
> > > > ACL?
> > > 
> > > I don't see why this is a show-stopping problem. Can you elaborate?
> > 
> > We don't want to fire up a backend until we know this is a valid user. 
> > You could easily bring a server to a standstill by just sending false
> > connection requests.  Sure, you can still do that by flooding the
> > machine, but a database lookup is significantly more expensive than
> > checking a connection packet.
> <devils advocate>
> why not hav a guc available in postgresql.conf that switches
> authentication from a pg_hba.conf file to a pg_hba table inside the
> database? this would allow people to choose a database based
> authentication scheme if their willing to shoulder the "risks" involved,
> and would prevent database lockout since you could always flip the guc
> and restart the database to authenticate against the file to allow
> admins back into the system
> </devils advocate>

I guess we could do it, but more easily we could dump a table to the
output file pg_hba.conf just like we do for pg_pwd and pg_group now.
It could be a global table like pg_shadow and pg_group.  Of course, you
have the problem of getting the database started to modify the table.

  Bruce Momjian                        |
  pgman(at)candle(dot)pha(dot)pa(dot)us               |  (610) 359-1001
  +  If your life is a hard drive,     |  13 Roberts Road
  +  Christ can be your backup.        |  Newtown Square, Pennsylvania 19073

In response to

pgsql-advocacy by date

Next:From: Neil ConwayDate: 2003-10-17 18:47:43
Subject: Re: MySQL interview, no mention of PostgreSQL
Previous:From: Adrian MaierDate: 2003-10-17 15:26:55
Subject: Romanian Press Release

Privacy Policy | About PostgreSQL
Copyright © 1996-2017 The PostgreSQL Global Development Group