From: | Pavel Stehule <pavel(dot)stehule(at)gmail(dot)com> |
---|---|
To: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
Cc: | Stephen Frost <sfrost(at)snowman(dot)net>, Tomas Vondra <tomas(dot)vondra(at)2ndquadrant(dot)com>, PostgreSQL Hackers <pgsql-hackers(at)postgresql(dot)org> |
Subject: | Re: Providing catalog view to pg_hba.conf file - Patch submission |
Date: | 2015-02-28 05:27:50 |
Message-ID: | CAFj8pRAC4m45eCupqBLG9T4o393DviFb8fcE45BPVDDmdp=LOg@mail.gmail.com |
Lists: | pgsql-hackers |
2015-02-28 2:40 GMT+01:00 Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>:
> Stephen Frost <sfrost(at)snowman(dot)net> writes:
> > I understand that there may be objections to that on the basis that it's
> > work that's (other than for this case) basically useless,
>
> Got it in one.
>
> I'm also not terribly happy about leaving security-relevant data sitting
> around in backend memory 100% of the time. We have had bugs that exposed
> backend memory contents for reading without also granting the ability to
> execute arbitrary code, so I think doing this does represent a
> quantifiable decrease in the security of pg_hba.conf.
>
Stephen's proposal changes nothing in security. These data are in
memory now. The only difference is that these data will be fresh.
Regards
Pavel
>
> regards, tom lane
>