Re: [PATCH] Add inline comments to the pg_hba_file_rules view

From: Daniel Gustafsson <daniel(at)yesql(dot)se>
To: Jim Jones <jim(dot)jones(at)uni-muenster(dot)de>
Cc: Peter Eisentraut <peter(at)eisentraut(dot)org>, PostgreSQL Hackers <pgsql-hackers(at)lists(dot)postgresql(dot)org>
Subject: Re: [PATCH] Add inline comments to the pg_hba_file_rules view
Date: 2023-09-27 08:21:29
Message-ID: E543222B-DE8D-4116-BA67-3C2D3FA83110@yesql.se
Lists: pgsql-hackers

> On 26 Sep 2023, at 20:40, Jim Jones <jim(dot)jones(at)uni-muenster(dot)de> wrote:

> Do you think that this feature is in general not a good idea?

I wouldn't rule it out as a bad idea per se. As always when dealing with
access rules and pg_hba there is a security angle to consider, but I think that
could be addressed.

> Or perhaps a different annotation method would address your concerns?

An annotation syntax specifically for this would address my concern, but the
argument that pg_hba (and related code) is borderline too complicated as it is
does hold some water. Complexity in code can lead to bugs, but complexity in
syntax can lead to misconfigurations or unintentional infosec leaks, which is
usually more problematic.

I would propose to not worry about code and instead just discuss a potential
new format for annotations, and only implement parsing and handling once
something has been agreed upon. This should be in a new thread however to
ensure visibility, since it's beyond the subject of this thread.

--
Daniel Gustafsson
