From: | Magnus Hagander <magnus(at)hagander(dot)net> |
---|---|
To: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
Cc: | hv(at)tbz-pariv(dot)de, pgsql-bugs <pgsql-bugs(at)postgresql(dot)org> |
Subject: | Re: BUG #8375: pg_hba.conf: Include_dir like in postgresql.conf |
Date: | 2013-08-12 13:09:53 |
Message-ID: | CABUevEx=hbO34g1GWf=vD8P2ipM_u3-uRYfo9RDDxJ=F=-HD0w@mail.gmail.com |
Lists: | pgsql-bugs |
On Thu, Aug 8, 2013 at 2:39 PM, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> wrote:
> hv(at)tbz-pariv(dot)de writes:
>> For easier deployment it would be nice to have an include_dir directive in
>> pg_hba.conf.
>
> This doesn't seem like a remarkably good idea from here, mainly because
> entries in pg_hba.conf are critically order-dependent. Dropping random
> entries into a conf.d-like directory could produce unexpected results
> --- and in this case, "unexpected result" probably means "security
> failure".

If they are random, yes. You could easily define them as ordered
though, by strict alphabetical ordering etc.

It's still a pretty decently sized footgun for people though, and I'm
not sure how useful it would actually be. And with the risk of
misconfiguration being a security hole rather than a badly configured
database (which would be the problem with a similar thing for
postgresql.conf).

Perhaps the OP has a specific use case to share where this would
actually be both safe and useful?

--
Magnus Hagander
Me: http://www.hagander.net/
Work: http://www.redpill-linpro.com/
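
The order-dependence discussed in this message, as an added example that is not part of the original email or of PostgreSQL: a simplified first-match model of pg_hba.conf records merged from a hypothetical include_dir in strict alphabetical order, with a check that flags records shadowed by an earlier, broader one. Assumptions: only `host` records with a literal database/user or `all` and a CIDR address are modelled, and the file names and rules are constructed.

```python
import ipaddress

# Constructed sample fragments for a hypothetical include_dir (names and rules are made up).
FRAGMENTS = {
    "10-app.conf": "host  appdb  appuser  10.0.0.0/24  scram-sha-256\n",
    "50-deny.conf": "host  all    all      0.0.0.0/0    reject\n",
    "05-legacy.conf": "# dropped in later by another package\nhost  all  all  10.0.0.0/8  trust\n",
}

def merge(fragments):
    """Concatenate fragments in strict alphabetical file order (assumed policy)."""
    rules = []
    for name in sorted(fragments):
        for line in fragments[name].splitlines():
            fields = line.split()
            if not fields or fields[0].startswith("#"):
                continue
            _type, db, user, addr, method = fields[:5]
            rules.append({"file": name, "db": db, "user": user,
                          "net": ipaddress.ip_network(addr), "method": method})
    return rules

def first_match(rules, db, user, client_ip):
    """pg_hba semantics: the first record that matches decides; later ones are ignored."""
    ip = ipaddress.ip_address(client_ip)
    for r in rules:
        if r["db"] in ("all", db) and r["user"] in ("all", user) and ip in r["net"]:
            return r
    return None

def covers(a, b):
    """True if rule a matches every connection that rule b matches."""
    return (a["db"] in ("all", b["db"]) and a["user"] in ("all", b["user"])
            and b["net"].subnet_of(a["net"]))

def shadowed(rules):
    """(later_file, earlier_file) pairs where a later rule can never take effect."""
    found = []
    for i, later in enumerate(rules):
        for earlier in rules[:i]:
            if covers(earlier, later) and earlier["method"] != later["method"]:
                found.append((later["file"], earlier["file"]))
                break
    return found

if __name__ == "__main__":
    rules = merge(FRAGMENTS)
    print(first_match(rules, "appdb", "appuser", "10.0.0.5"))
    print(shadowed(rules))
```

Running a check like `shadowed()` over the merged result before a reload turns the silent change from password authentication to `trust` into a visible finding.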