Re: Parsing of pg_hba.conf and authentication inconsistencies

From: Magnus Hagander <magnus(at)hagander(dot)net>
To: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
Cc: Josh Berkus <josh(at)agliodbs(dot)com>, Gregory Stark <stark(at)enterprisedb(dot)com>, PG Hackers <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: Parsing of pg_hba.conf and authentication inconsistencies
Date: 2008-08-05 13:29:51
Message-ID: 489855CF.20709@hagander.net
Lists: pgsql-hackers

Tom Lane wrote:
> Magnus Hagander <magnus(at)hagander(dot)net> writes:
>> Tom Lane wrote:
>>> Seems a lot better to me to just train people to run the check-config
>>> code by hand before pulling the trigger to load the settings for real.
>
>> I think it'd be reasonable to refuse starting if the config is *known
>> broken* (such as containing lines that are unparseable, or that contain
>> completely invalid tokens), whereas you'd start if they just contain
>> things that are "probably wrong". But picking from your previous
>> examples of "more advanced checks", there are lots of cases where
>> things like overlapping CIDR address ranges are perfectly valid, so I
>> don't think we could even throw a warning for that - unless there's a
>> separate flag to enable/disable warnings for such a thing.
>
> There are cases that are sane, and there are cases that are not.
> You've got three possibilities:
>
> * two lines referencing the exact same address range (and other
> selectors such as user/database). Definitely a mistake, because
> the second one is unreachable.
>
> * two lines where the second's address range is a subset of the
> first (and other stuff is the same). Likewise a mistake.
>
> * two lines where the first's address range is a subset of the
> second's. This one is the only sane one.

Yeah, certainly. But a very common one at that.

> (The nature of CIDR notation is that there are no partial overlaps,
> so it must be one of these three cases.)

Right.

> We have in fact seen complaints from people who apparently missed
> the fact that pg_hba.conf entries are order-sensitive, so I think
> a test like this would be worth making. But it shouldn't be done
> by the postmaster.

Agreed. Postmaster should verify things only to the point that it's a
valid CIDR mask (say that the IP is actually numeric and not
1.2.foo.3/32). Any further context analysis does not belong there.

Should I read this as you warming up slightly to the idea of having the
postmaster do that? ;-)

//Magnus
