Re: Why pg_hba not in table?

>>And you can change pg_hba.conf on the fly, so you don't have to restart
>>a 24/7 database because you locked the superuser out.
>>
>>
>
>If your back were against the wall, you could probably hand-edit the
>flat-file version of the permission file enough to let yourself in
>without shutting down the postmaster.  It might not be as user-friendly
>
>to edit as the current pg_hba.conf, but it'd still be flat ASCII I expect.
>
Hi,

AFAIC, I've written scripts that alter the file "pg_hba.conf" on the fly,
while running PostgreSQL, and also *before* starting PostgreSQL !

The goal was to create a "restricted" mode, called via :
    service postgresql start-restricted

For example, if the database server is off, and maintenance is needed
*before* any normal (non-superuser) connections, we can start the server
directly, with perfect security settings...

So, the actual pg_hba.conf file is ideal !
If we would have to start the database in order to reconfigure it to
prevent normal connections, a normal user could take advantage of this
to connect during this process !!

Don't loose flexibility and security for some "elegant" evolutions !

Best Regards,
Philippe Ferreira.