| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | Vik Fearing <vik(dot)fearing(at)2ndquadrant(dot)com> |
| Cc: | PostgreSQL Hackers <pgsql-hackers(at)lists(dot)postgresql(dot)org> |
| Subject: | Re: Recognizing superuser in pg_hba.conf |
| Date: | 2019-12-28 18:07:31 |
| Message-ID: | 23935.1577556451@sss.pgh.pa.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Vik Fearing <vik(dot)fearing(at)2ndquadrant(dot)com> writes:
> It can sometimes be useful to match against a superuser in pg_hba.conf.
Seems like a reasonable desire.
> Adding another keyword can break backwards compatibility, of course. So
> that is an issue that needs to be discussed, but I don't imagine too
> many people are using role names "superuser" and "nonsuperuser". Those
> who are will have to quote them.
I'm not very happy about the continuing creep of pseudo-reserved database
and user names in pg_hba.conf. I wish we'd adjust the notation so that
these keywords are syntactically distinct from ordinary names. Given
the precedent that "+" and "@" prefixes change what an identifier means,
maybe we could use "*" or some other punctuation character as a keyword
prefix? We'd have to give grandfather exceptions to the existing
keywords, at least for a while, but we could say that new ones won't be
recognized without the prefix.
regards, tom lane
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Fabien COELHO | 2019-12-28 18:15:03 | Re: Greatest Common Divisor |
| Previous Message | Tom Lane | 2019-12-28 17:56:47 | Re: PostgreSQL 12.1 patch for "private_modify" table creation option for data validation reinforcement |