| From: | Michael Paquier <michael(at)paquier(dot)xyz> |
|---|---|
| To: | Isaac Morland <isaac(dot)morland(at)gmail(dot)com> |
| Cc: | Jacob Champion <jchampion(at)timescale(dot)com>, Stephen Frost <sfrost(at)snowman(dot)net>, Robert Haas <robertmhaas(at)gmail(dot)com>, Shaun Thomas <shaun(dot)thomas(at)enterprisedb(dot)com>, pgsql-hackers(at)postgresql(dot)org |
| Subject: | Re: Logging of matching pg_hba.conf entry during auth skips trust auth, potential security issue |
| Date: | 2023-08-21 23:58:42 |
| Message-ID: | ZOP6MvCDjLXPpOGD@paquier.xyz |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On Mon, Aug 21, 2023 at 07:43:56PM -0400, Isaac Morland wrote:
> I hope we're not really considering removing the "trust" method. For
> testing and development purposes it's very handy — just tell the database,
> running in a VM, to allow all connections and just believe who they say
> they are from a client process running in the same or a different VM, with
> no production data anywhere in site and no connection to the real network.
For some benchmarking scenarios, it can actually be useful when
testing cases where new connections are spawned as it bypasses
entirely the authentication path, moving the bottlenecks to different
areas one may want to stress.
--
Michael
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Peter Smith | 2023-08-22 00:31:25 | Re: [PoC] pg_upgrade: allow to upgrade publisher node |
| Previous Message | Michael Paquier | 2023-08-21 23:56:26 | Re: should frontend tools use syncfs() ? |