| From: | Simon Riggs <simon(at)2ndquadrant(dot)com> |
|---|---|
| To: | Magnus Hagander <magnus(at)hagander(dot)net> |
| Cc: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Josh Berkus <josh(at)agliodbs(dot)com>, Gregory Stark <stark(at)enterprisedb(dot)com>, PG Hackers <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: Parsing of pg_hba.conf and authentication inconsistencies |
| Date: | 2008-08-05 20:07:00 |
| Message-ID: | 1217966820.4549.83.camel@ebony.2ndQuadrant |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On Sun, 2008-08-03 at 10:36 +0200, Magnus Hagander wrote:
> Tom Lane wrote:
> > Magnus Hagander <magnus(at)hagander(dot)net> writes:
> >>> The good way to solve this would be to have independant command line
> >>> utilities which check pg_hba.conf, pg_ident.conf and postgresql.conf for
> >>> errors. Then DBAs could run a check *before* restarting the server.
> >
> >> While clearly useful, it'd still leave the fairly large foot-gun that is
> >> editing the hba file and HUPing things which can leave you with a
> >> completely un-connectable database because of a small typo.
> >
> > That will *always* be possible, just because software is finite and
> > human foolishness is not ;-).
>
> Certainly - been bitten by that more than once. But we can make it
> harder or easier to make the mistakes..
Yeah. I'm sure we've all done it.
Would it be possible to have two config files? An old and a new?
That way we could specify new file, but if an error is found we revert
to the last known-good file?
That would encourage the best practice of take-a-copy-then-edit.
--
Simon Riggs www.2ndQuadrant.com
PostgreSQL Training, Services and Support
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Merlin Moncure | 2008-08-05 20:09:45 | Re: plan invalidation vs stored procedures |
| Previous Message | Gregory Stark | 2008-08-05 18:38:44 | Re: DROP DATABASE always seeing database in use |