Re: pg_hba.conf view from the database?

From: Robert Treat <xzilla(at)users(dot)sourceforge(dot)net>
To: Richard Huxton <dev(at)archonet(dot)com>
Cc: Fabien COELHO <coelho(at)cri(dot)ensmp(dot)fr>, PostgreSQL Developers <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: pg_hba.conf view from the database?
Date: 2004-04-06 17:44:37
Message-ID: 1081273477.31785.81.camel@camel
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-hackers

On Tue, 2004-04-06 at 08:23, Richard Huxton wrote:
> On Tuesday 06 April 2004 12:10, Fabien COELHO wrote:
> >
> > I'm thinking of allowing advices about incoherent or dangerous "host base
> > authentification" configurations. I would like to access pg_hba.conf
> > from within the database. However, I could not find any pg_catalog that
> > would fit my needs.
> >
> > - am I missing something? I'm afraid not, but "yes" would be good news;-)
>
> Not
>
> > - is it a design principle that this information is not available,
> > or just a lack of time and/or need up to know?
> > would it make sense to add such a view?
>
> I believe the thinking is that you want to check whether someone is allowed to
> connect to the database without having to connect to the database. If someone
> were to make bad connection attempts, they could easily run a denial of
> service against your DB (whether intentionally or just due to an application
> bug).
>

I think that's one of the reasons it is implemented in a .conf file
(check archives, it was just discussed again recently) but that doesn't
answer the question of "why isn't the pg_hba.conf viewable from inside
the database" ? Seems a valid question since we show postgresql.conf
info database side.

Robert Treat
--
Build A Brighter Lamp :: Linux Apache {middleware} PostgreSQL

In response to

Browse pgsql-hackers by date

  From Date Subject
Next Message Bruce Momjian 2004-04-06 18:09:57 Re: [HACKERS] logging statement levels
Previous Message Josh Berkus 2004-04-06 16:22:19 Re: Function to kill backend