From: | Pavel Stehule <pavel(dot)stehule(at)gmail(dot)com> |
---|---|
To: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
Cc: | Stephen Frost <sfrost(at)snowman(dot)net>, Tomas Vondra <tomas(dot)vondra(at)2ndquadrant(dot)com>, PostgreSQL Hackers <pgsql-hackers(at)postgresql(dot)org> |
Subject: | Re: Providing catalog view to pg_hba.conf file - Patch submission |
Date: | 2015-02-27 22:00:44 |
Message-ID: | CAFj8pRBctY5wDOfQB+anSd-EkqJV4usJMLiiMk2GXZeeOAWMdw@mail.gmail.com |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-hackers |
2015-02-27 22:26 GMT+01:00 Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>:
> Stephen Frost <sfrost(at)snowman(dot)net> writes:
> > Right, we also need a view (or function, or both) which provides what
> > the *active* configuration of the running postmaster is. This is
> > exactly what I was proposing (or what I was intending to, at least) with
> > pg_hba_active, so, again, I think we're in agreement here.
>
> I think that's going to be a lot harder than you realize, and it will have
> undesirable security implications, in that whatever you do to expose the
> postmaster's internal state to backends will also make it visible to other
> onlookers; not to mention probably adding new failure modes.
>
we can do copy of pg_hba.conf somewhere when postmaster starts or when it
is reloaded.
Later, we can read this copy from child nodes.
Is it a possibility?
Regards
Pavel
>
> There are also nontrivial semantic differences in this area between
> Windows and other platforms (ie in an EXEC_BACKEND build the current file
> contents *are* the active version). If you insist on two views you will
> need to explain why/how they act differently on different platforms.
>
> I think the proposed mechanism (ie read and return the current contents of
> the file) is just fine, and we should stop there rather than engineering
> this to death. We've survived twenty years with *no* feature of this
> sort, how is it suddenly essential that we expose postmaster internal
> state?
>
> regards, tom lane
>
From | Date | Subject | |
---|---|---|---|
Next Message | Arthur Silva | 2015-02-27 22:04:07 | Re: logical column ordering |
Previous Message | Tom Lane | 2015-02-27 21:26:31 | Re: Providing catalog view to pg_hba.conf file - Patch submission |