From: | Jaime Casanova <jaime(at)2ndquadrant(dot)com> |
---|---|
To: | "Prabakaran, Vaishnavi" <vaishnavip(at)fast(dot)au(dot)fujitsu(dot)com> |
Cc: | PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org> |
Subject: | Re: Providing catalog view to pg_hba.conf file - Patch submission |
Date: | 2014-06-07 22:31:51 |
Message-ID: | CAJKUy5i2VRPMxkWdt-yEp4UNM5wfdy3ofzSC+gSkowrCebTy5Q@mail.gmail.com |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-hackers |
On Fri, Mar 14, 2014 at 12:30 AM, Prabakaran, Vaishnavi
<vaishnavip(at)fast(dot)au(dot)fujitsu(dot)com> wrote:
> Hi,
>
> In connection to my previous proposal about "providing catalog view to
> pg_hba.conf file contents" , I have developed the attached patch .
>
[...]
>
> [What this Patch does]
>
> Functionality of the attached patch is that it will provide a new view
> "pg_hba_settings" to admin users. Public access to the view is restricted.
> This view will display basic information about HBA setting details of
> postgresql cluster. Information to be shown , is taken from parsed hba
> lines and not directly read from pg_hba.conf files. Documentation files are
> also updated to include details of this new view under "Chapter 47.System
> Catalogs". Also , a new note is added in "chapter 19.1 The pg_hba.conf File"
>
A normal user can see all the info the view provide once you GRANT
permissions on it. How much info should a non-superuser see from this
view? currently a non-superuser can't see pg_hba info, now it can.
This function should be superuser only or only show info related for
current_user if it user is not superuser.
Also, i think you should use lowercase values just they are in
pg_hba.conf (ie: local not Local, host not Host, etc)
--
Jaime Casanova www.2ndQuadrant.com
Professional PostgreSQL: Soporte 24x7 y capacitación
Phone: +593 4 5107566 Cell: +593 987171157
From | Date | Subject | |
---|---|---|---|
Next Message | David Rowley | 2014-06-08 04:41:01 | Re: Suppressing unused subquery output columns |
Previous Message | Gavin Flower | 2014-06-07 21:33:04 | Re: PG Manual: Clarifying the repeatable read isolation example |