Re: Recognizing superuser in pg_hba.conf

From: Simon Riggs <simon(at)2ndquadrant(dot)com>
To: Vik Fearing <vik(dot)fearing(at)2ndquadrant(dot)com>
Cc: Peter Eisentraut <peter(dot)eisentraut(at)2ndquadrant(dot)com>, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Andrew Gierth <andrew(at)tao11(dot)riddles(dot)org(dot)uk>, PostgreSQL Hackers <pgsql-hackers(at)lists(dot)postgresql(dot)org>, Robert Haas <robertmhaas(at)gmail(dot)com>, Stephen Frost <sfrost(at)snowman(dot)net>
Subject: Re: Recognizing superuser in pg_hba.conf
Date: 2020-01-09 09:07:01
Message-ID: CANP8+j+6fhDp61NbsqYPDGXsTSjP7gaA_zAqM8cvsJtDVBtZGA@mail.gmail.com
Lists: pgsql-hackers

On Wed, 8 Jan 2020 at 23:55, Vik Fearing <vik(dot)fearing(at)2ndquadrant(dot)com>
wrote:

> On 08/01/2020 23:13, Peter Eisentraut wrote:
> > On 2020-01-06 17:03, Tom Lane wrote:
> >> So it's not clear to me whether we have any meeting of the minds
> >> on wanting this patch.
> >
> > This fairly far-ranging syntax reorganization of pg_hba.conf doesn't
> > appeal to me. pg_hba.conf is complicated enough conceptually for
> > users, but AFAICT nobody ever complained about the syntax or the
> > lexical structure specifically. Assigning meaning to randomly chosen
> > special characters, moreover in a security-relevant file, seems like
> > the wrong way to go.
> >
> > Moreover, this thread has morphed from what it says in the subject
> > line to changing the syntax of pg_hba.conf in a somewhat fundamental
> > way. So at the very least someone should post a comprehensive summary
> > of what is being proposed, instead of just attaching patches that
> > implement whatever was discussed across the thread.
> >
>
> What is being proposed is what is in the Subject and the original
> patch. The other patch is because Tom didn't like "the continuing creep
> of pseudo-reserved database and user names" so I wrote a patch to mark
> such reserved names and rebased my original patch on top of it. Only
> the docs changed in the rebase. The original patch (or its rebase) is
> what I am interested in.
>

Hopefully there will be no danger of me gaining access if I have a crafted
rolename?

postgres=# create role "&backdoor";
CREATE ROLE

--
Simon Riggs http://www.2ndQuadrant.com/
PostgreSQL Solutions for the Enterprise
