On Tue, 3 Jan 2006, Tino Wildenhain wrote:
>>> One thing that bothers me slightly is that we would need to look up each
>>> name (at least until we found a match) for each connection. If you had
>>> lots of names in your pg_hba.conf that could be quite a hit.
>> A possible answer to that is to *not* look up the names from
>> pg_hba.conf, but instead restrict the feature to matching the
>> reverse-DNS name of the client. This limits the cost to one lookup per
>> connection instead of N (and it'd be essentially free if you have
>> log_hostnames turned on, since we already do that lookup in that case).
> Or alternatively (documented) scan and translate the names
> only on restart or sighup. This would limit the overhead
> and changes to the confile-scanner only and would
> at least enable symbolic names in the config files.
> (Of course w/o any wildcards - that would be the drawback)
That's what I suggested yesterday, but others didn't like it and the
possibility of using /etc/hosts or a name server on the local network to
mitigate speed concerns makes me think they're right.
End Point Corporation
In response to
pgsql-hackers by date
|Next:||From: Tom Lane||Date: 2006-01-03 20:51:11|
|Subject: Re: cvs tip - stats buffer process consuming 100% cpu |
|Previous:||From: Bruce Momjian||Date: 2006-01-03 19:53:23|
|Subject: Re: cvs tip - stats buffer process consuming 100% cpu|