Stephen Frost <sfrost(at)snowman(dot)net> writes:
> I understand that there may be objections to that on the basis that it's
> work that's (other than for this case) basically useless,
Got it in one.
I'm also not terribly happy about leaving security-relevant data sitting
around in backend memory 100% of the time. We have had bugs that exposed
backend memory contents for reading without also granting the ability to
execute arbitrary code, so I think doing this does represent a
quantifiable decrease in the security of pg_hba.conf.
regards, tom lane