| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | mark(at)mark(dot)mielke(dot)cc |
| Cc: | Andrew Dunstan <andrew(at)dunslane(dot)net>, Mark Woodward <pgsql(at)mohawksoft(dot)com>, Bruce Momjian <pgman(at)candle(dot)pha(dot)pa(dot)us>, Euler Taveira de Oliveira <eulerto(at)yahoo(dot)com(dot)br>, "Jim C(dot) Nasby" <jnasby(at)pervasive(dot)com>, Andreas Pflug <pgadmin(at)pse-consulting(dot)de>, "Marc G(dot) Fournier" <scrappy(at)postgresql(dot)org>, pgsql-hackers(at)postgresql(dot)org |
| Subject: | Re: Why don't we allow DNS names in pg_hba.conf? |
| Date: | 2006-02-13 15:48:39 |
| Message-ID: | 29068.1139845719@sss.pgh.pa.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
mark(at)mark(dot)mielke(dot)cc writes:
> On Mon, Feb 13, 2006 at 10:00:34AM -0500, Andrew Dunstan wrote:
>> We can over-egg this pudding massively. I suggest we start with a simple
>> implementation and see what needs it leaves unfilled. I would vote for
>> allowing a hostname (or list of hostnames?) to replace the address/mask
>> params, and that at connect time we do a forward lookup trying for a
>> match with the connecting address. If we get a match then that's the hba
>> line that applies.
> Yes.
The original proposal to change this required little more than removing
the AI_NUMERICHOST flag restricting pg_getaddrinfo_all's lookup. I
thought all along that anything more than that was massive overdesign...
regards, tom lane
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Dave Cramer | 2006-02-13 16:10:41 | Re: what's stored in pg_tblspc |
| Previous Message | Mark Woodward | 2006-02-13 15:44:57 | Re: Why don't we allow DNS names in pg_hba.conf? |