Re: pg_hba.conf hostname todo

* Joshua D. Drake (jd@commandprompt.com) wrote:
> Allow pg_hba.conf to specify host names along with IP addresses

Excellent.

> Host name lookup could occur when the postmaster reads the pg_hba.conf
> file, or when the backend starts. Another solution would be to reverse
> lookup the connection IP and check that hostname against the host names
> in pg_hba.conf. We could also then check that the host name maps to the
> IP address.

I'm inclined towards doing the reverse-DNS of the connecting IP and then
checking that the forward of that matches.

> Allow one to specify a FQDN or a simple wild card DN. E.g;
> *.commandprompt.com.
>
> A valid entry would look like this:
>
> host    all         all         *.commandprompt.com          trust
> host    all        all        www1.postgresql.org         md5
>
> Thoughts?

While a wildcard does make sense (ie: www*.postgresql.org), I would
generally expect 'commandprompt.com' to mean '*.commandprompt.com'
implicitly.
Thanks!
    Stephen