Re: Thoughts on pg_hba.conf rejection

On Mon, Apr 19, 2010 at 4:30 PM, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> wrote:
> Simon Riggs <simon(at)2ndQuadrant(dot)com> writes:
>> Point of note on giving information to the bad guys: if a
>> should-be-rejected connection request attempts to connect to a
>> non-existent database, we say "database does not exist".
>
> Yeah.  This was an acknowledged shortcoming of the changes to eliminate
> flat-file storage of authentication information --- as of 9.0, it's
> necessary to connect to some database in order to proceed with auth
> checking.  We discussed it at the time and agreed it was an acceptable
> loss.
>
> The only way I can think of to improve that without going back to flat
> files would be to develop a way for backends to switch databases after
> initial startup, so that auth could be done in a predetermined database
> (say, "postgres") before switching to the requested DB.  This has enough
> potential gotchas, in regards to catalog caching for instance, that I'm
> not eager to go there.

Would it be possible to set up a skeleton environment where we can
access shared catalogs only and then decide on which database we're
using later?

...Robert