From: | Peter Eisentraut <peter_e(at)gmx(dot)net> |
---|---|
To: | pgsql-hackers(at)postgresql(dot)org |
Cc: | "Dickson S(dot) Guedes" <guediz(at)gmail(dot)com> |
Subject: | Re: TODO Item: Allow pg_hba.conf to specify host names along with IP addresses |
Date: | 2008-06-16 09:47:21 |
Message-ID: | 200806161147.22060.peter_e@gmx.net |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-hackers |
Am Donnerstag, 12. Juni 2008 schrieb Dickson S. Guedes:
> There is a TODO Item to allow pg_hba.conf to specify host names along
> with IP addresses.
I'm a bit curious how useful in practice this would actually be. Obviously,
you want to use host names to simplify the management of hosts, currently
being done with IP addresses. But how widely useful is it really to
authenticate a bunch of hosts in different ways? I'd say the standard case
is localhost vs everything else. Or perhaps localhost vs LAN vs rest of the
Internet. In neither of these cases , using host names helps much.
We have people here concerned about security of DNS, rightly so. But what
about relying on IP addresses or, by extension, MAC addresses for security;
is that safe?
So what are the use cases for having more than about 4 or 5 lines in
pg_hba.conf, and how would the ability to use host names help there?
From | Date | Subject | |
---|---|---|---|
Next Message | Martijn van Oosterhout | 2008-06-16 09:52:40 | Re: Question about Encoding a Custom Type |
Previous Message | Peter Eisentraut | 2008-06-16 09:38:59 | Re: TODO Item: Allow pg_hba.conf to specify host names along with IP addresses |