Re: TODO Item: Allow pg_hba.conf to specify host names along with IP addresses

From: Peter Eisentraut <peter_e(at)gmx(dot)net>
To: pgsql-hackers(at)postgresql(dot)org
Cc: "Dickson S(dot) Guedes" <guediz(at)gmail(dot)com>
Subject: Re: TODO Item: Allow pg_hba.conf to specify host names along with IP addresses
Date: 2008-06-16 09:47:21
Message-ID: 200806161147.22060.peter_e@gmx.net
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-hackers

Am Donnerstag, 12. Juni 2008 schrieb Dickson S. Guedes:
> There is a TODO Item to allow pg_hba.conf to specify host names along
> with IP addresses.

I'm a bit curious how useful in practice this would actually be. Obviously,
you want to use host names to simplify the management of hosts, currently
being done with IP addresses. But how widely useful is it really to
authenticate a bunch of hosts in different ways? I'd say the standard case
is localhost vs everything else. Or perhaps localhost vs LAN vs rest of the
Internet. In neither of these cases , using host names helps much.

We have people here concerned about security of DNS, rightly so. But what
about relying on IP addresses or, by extension, MAC addresses for security;
is that safe?

So what are the use cases for having more than about 4 or 5 lines in
pg_hba.conf, and how would the ability to use host names help there?

In response to

Responses

Browse pgsql-hackers by date

  From Date Subject
Next Message Martijn van Oosterhout 2008-06-16 09:52:40 Re: Question about Encoding a Custom Type
Previous Message Peter Eisentraut 2008-06-16 09:38:59 Re: TODO Item: Allow pg_hba.conf to specify host names along with IP addresses