|From:||David Fetter <david(at)fetter(dot)org>|
|To:||Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>|
|Cc:||PostgreSQL Development <pgsql-hackers(at)postgresql(dot)org>|
|Subject:||Re: Let people set host(no)ssl settings from initdb|
|Views:||Raw Message | Whole Thread | Download mbox | Resend email|
On Thu, Dec 12, 2019 at 12:23:42AM -0500, Tom Lane wrote:
> David Fetter <david(at)fetter(dot)org> writes:
> > I've found myself writing a lot of boilerplate pg_hba.conf entries
> > along the lines of
> > hostnossl all all 0.0.0.0/0 reject
> > hostssl all all 0.0.0.0/0 md5
> > so I thought I'd make it easier to do that from initdb.
> > What say?
> I'm pretty suspicious of loading down initdb with random configuration
> options, because I think most people nowadays use PG via vendor packages
> that script their calls to initdb. So an option like this doesn't help
> unless you can persuade all those vendors to pass the option through.
Would the official PGDG .deb and .rpm packages suffice?
> That problem exists even before you get to the question of whether
> this specific option is useful or well-designed ... a question I'm
> not opining about here, but it would certainly require thought.
I think it was a reasonable extension. We cover lines that start with
local and host, but they can also start with hostssl and hostnossl.
Meanwhile, please find attached a fix for an oversight around IPv6.
David Fetter <david(at)fetter(dot)org> http://fetter.org/
Phone: +1 415 235 3778
Remember to vote!
Consider donating to Postgres: http://www.postgresql.org/about/donate
|Next Message||Amit Kapila||2019-12-12 06:43:50||Re: Wrong assert in TransactionGroupUpdateXidStatus|
|Previous Message||Amit Khandekar||2019-12-12 06:22:47||Re: logical decoding : exceeded maxAllocatedDescs for .spill files|