| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | Wells Oliver <wellsoliver(at)gmail(dot)com> |
| Cc: | pgsql-general(at)postgresql(dot)org |
| Subject: | Re: replication requires redundant rule in pga_hba? |
| Date: | 2012-09-13 02:28:14 |
| Message-ID: | 10498.1347503294@sss.pgh.pa.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
Wells Oliver <wellsoliver(at)gmail(dot)com> writes:
> It seems like the following is redundant:
> host all all 0.0.0.0/0 md5
> hostnossl replication replicationuser 0.0.0.0/0 md5
> The first one allows either SSL or non SSL to all users for all DBs from
> any address via MD5. Good for everything, no? Yet if I remove the second
> line, I see a bunch of:
> FATAL: no pg_hba.conf entry for replication connection from host 10....,
> user "replicationuser", SSL off
> Why is this? What am I missing?
I believe replication intentionally requires a special entry, ie is
deliberately not included in "all". The theory is that such a
connection gives access to absolutely everything in the database
cluster, which is more access than any regular connection has, so we
don't want to let one be made unintentionally.
regards, tom lane
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Mike Christensen | 2012-09-13 03:43:26 | Re: Where do I get pgAdmin 1.16 for openSuSE? |
| Previous Message | Wells Oliver | 2012-09-13 02:22:53 | replication requires redundant rule in pga_hba? |