| From: | Josh Berkus <josh(at)agliodbs(dot)com> |
|---|---|
| To: | "Arcadius A(dot)" <ahouans(at)sh(dot)cvut(dot)cz>, pgsql-advocacy(at)postgresql(dot)org |
| Subject: | Re: MySQL interview, no mention of PostgreSQL |
| Date: | 2003-10-16 16:54:56 |
| Message-ID: | 200310160954.56483.josh@agliodbs.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-advocacy |
Arcadius,
> Once, I've asked about the pg_hb.conf file ....
> IMHO, writing an app for parsing/editing that file *may* be a problem
> for those who develop control panels used by web hosting companies ....
>
> IMHO, moving the info in pg_hb.conf into the DB itself may attract
> control panel developers.
While one could write a utility in Postgres to create/process the file, the
"live" version of pg_hba.conf *must* be outside the database. If our ACL
was in the database, then how would we know who has the rights to read the
ACL? Systems which store their ACLs in the database (MSSQL) are continuously
vulnerable to attacks that piggy-back on the authentication process to gain
entry to the database, e.g. the "Slammer" worm.
Also, users would risk a permanent fatal lockout if they mis-configure pg_hba.
--
Josh Berkus
Aglio Database Solutions
San Francisco
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Noèl Köthe | 2003-10-16 17:37:20 | Re: first version of the PostgreSQL flyer |
| Previous Message | Christopher Browne | 2003-10-15 20:16:59 | pg_hba |