| From: | Rosser Schwarz <rosser(dot)schwarz(at)gmail(dot)com> |
|---|---|
| To: | Korry Douglas <korry(dot)douglas(at)enterprisedb(dot)com> |
| Cc: | Jose Gilney <jgilney(at)gmail(dot)com>, PgSQL ADMIN <pgsql-admin(at)postgresql(dot)org> |
| Subject: | Re: changing pb_hba.conf file with pgadmin3 |
| Date: | 2014-01-14 19:47:27 |
| Message-ID: | CAFnxYwhb7e=tpQHzKyELgy=JmmNqqw7knVqz_n_BRMmE8n-j_g@mail.gmail.com |
| Views: | Whole Thread | Raw Message | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-admin |
On Tue, Jan 14, 2014 at 11:35 AM, Korry Douglas <
korry(dot)douglas(at)enterprisedb(dot)com> wrote:
> pgadmin could use the new ALTER SYSTEM command (coming in 9.4)
>
ALTER SYSTEM is for setting (some — specifically, runtime configurable)
postgresql.conf directives, not pg_hba.conf rules. See <
http://www.postgresql.org/docs/devel/static/sql-altersystem.html>
Assume for a moment that you could change hba rules with ALTER SYSTEM: what
happens if a malicious user were to add a "host all all 0.0.0.0/0 reject"
rule? Or, perhaps worse, "host all postgres 0.0.0.0/0 trust"?
rls
--
:wq
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Korry Douglas | 2014-01-14 20:27:46 | Re: changing pb_hba.conf file with pgadmin3 |
| Previous Message | Erik Jones | 2014-01-14 19:39:29 | Any potential race condition danger from repeated config entries? |