| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | David Fetter <david(at)fetter(dot)org> |
| Cc: | PostgreSQL Development <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: Let people set host(no)ssl settings from initdb |
| Date: | 2019-12-12 05:23:42 |
| Message-ID: | 2603.1576128222@sss.pgh.pa.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
David Fetter <david(at)fetter(dot)org> writes:
> I've found myself writing a lot of boilerplate pg_hba.conf entries
> along the lines of
> hostnossl all all 0.0.0.0/0 reject
> hostssl all all 0.0.0.0/0 md5
> so I thought I'd make it easier to do that from initdb.
> What say?
I'm pretty suspicious of loading down initdb with random configuration
options, because I think most people nowadays use PG via vendor packages
that script their calls to initdb. So an option like this doesn't help
unless you can persuade all those vendors to pass the option through.
That problem exists even before you get to the question of whether
this specific option is useful or well-designed ... a question I'm
not opining about here, but it would certainly require thought.
regards, tom lane
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Tom Lane | 2019-12-12 05:31:52 | Re: Collation versioning |
| Previous Message | Thomas Munro | 2019-12-12 05:09:44 | Re: Collation versioning |