| From: | Chris Browne <cbbrowne(at)acm(dot)org> |
|---|---|
| To: | pgsql-general(at)postgresql(dot)org |
| Subject: | Re: Why pg_hba not in table? |
| Date: | 2006-02-07 19:47:58 |
| Message-ID: | 603bivhrwx.fsf@dba2.int.libertyrms.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
jason(dot)leach(at)gmail(dot)com ("Jason C. Leach") writes:
> Why not put pg_hba.conf in a pg table? Seems like it would be much
> easier to work with. After all, if we can keep users in the db
> tables, why not this?
... Because it represents information that needs to be accessed
*before* a connection to the database is established.
This is the configuration that determines whether or not a DB
connection is permitted. If we store the information in a table, then
the connection has to be accepted in order to determine if the
connection should be accepted.
As things stand, pg_hba.conf will reject many of the cases without
needing to burden the database engine with another connection.
If connections are required, then:
a) There are presumably some new race conditions for vulnerabilities
that come available;