| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | Peter Eisentraut <peter_e(at)gmx(dot)net> |
| Cc: | Thom Brown <thom(at)linux(dot)com>, PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: Silent failure with invalid hba_file setting |
| Date: | 2011-10-19 04:20:29 |
| Message-ID: | 1339.1318998029@sss.pgh.pa.us |
| Views: | Whole Thread | Raw Message | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Peter Eisentraut <peter_e(at)gmx(dot)net> writes:
> On tis, 2011-10-18 at 18:38 -0400, Tom Lane wrote:
>> Well, an actually empty pg_hba.conf file would have the same problem,
>> and it's pretty hard to see any situation where it would be useful to
>> start the postmaster and not let it accept any connections. Should we
>> add a check to consider it an error if the file doesn't contain at least
>> one HBA record?
> If you try to connect and it doesn't find a record, it will tell you.
Yeah, but the damage is already done. I see the main practical benefit
of this being to prevent accidental loading of a trashed pg_hba file.
> I wouldn't add extra special checks for that. It might not be
> completely unreasonable to have a standby that no one can connect to,
> for example.
Well, you couldn't monitor its state then, so I don't find that example
very convincing. But if you were intent on having that, you could
easily set up a pg_hba file containing only "reject" entries.
regards, tom lane
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Robert Haas | 2011-10-19 04:20:48 | Re: pg_ctl restart - behaviour based on wrong instance |
| Previous Message | Robert Haas | 2011-10-19 04:06:26 | Re: termination of backend waiting for sync rep generates a junk log message |