Re: Re: How to configer the pg_hba record which the database name with "\n" ?

On 08/07/2013 04:12 PM, Bruce Momjian wrote:
> On Thu, Aug 1, 2013 at 07:26:38AM -0700, David Johnston wrote:
>> huxm wrote
>>> where there is a
>>> newline(\n) in the name.
>> I can't imagine why you would want to use non-printing characters in a name,
>> especially a database name. Even if the hba.conf file was able to interpret
>> it (which it probably cannot but I do not know for certain) client
>> interfaces are likely to have problems as well. Most of these would not
>> think of interpolating a database identifier in that manner but instead
>> treat the name as a literal value. Even when line-continuations are allowed
>> they are often cosmetic in nature and the resultant newline is discarded
>> during the pre-execution phase of the command interpreter.
>>
>> Arguably having a check constraint on the catalog to prohibit such a name
>> would be more useful than trying to make such a construct functional.
>>
>> I'd guess in the immediate term the users accessing this database would need
>> to have "all" as their target and then you use role-based authorization to
>> limit which specific databases are accessible.
> I suppose the cleanest solution would be to allow a \n or a backslash
> for line continuation, but I don't think pg_hba.conf supports those.
>

It doesn't. I really think this comes into the category of "don't do
that!" The most we should do is document the pain that names with
embedded newlines can cause.

cheers

andrew