Re: pg_hba.conf hostname todo
| От | Andrew Dunstan |
|---|---|
| Тема | Re: pg_hba.conf hostname todo |
| Дата | |
| Msg-id | 4592F968.1040504@dunslane.net обсуждение исходный текст |
| Ответ на | Re: pg_hba.conf hostname todo (Stephen Frost <sfrost@snowman.net>) |
| Список | pgsql-hackers |
Stephen Frost wrote: > * Andrew Dunstan (andrew@dunslane.net) wrote: > >> Before we rehearse the discussion we had in June again, please review >> it. It ended on these sensible words from Tom at >> http://archives.postgresql.org/pgsql-hackers/2006-02/msg00550.php : >> > > I'd have to disagree with this sentiment and agree with Gregory's > followup here: > http://archives.postgresql.org/pgsql-hackers/2006-02/msg00553.php > I don't know that there is a contradiction. Frankly, any auth scheme based much on the client address or name is suspect, in my view. Organisations like those he refers to can simply put in a wildcard rule along with strong auth requirements and never have to bother. This is not like having to specify what address a client has to connect to. > >>>> Personally, I doubt there's any great use case for DNS names. Like Tom >>>> says, if it involves much more that removing the AI_NUMERICHOST hint >>>> then let's forget it. >>>> >>> Perhaps more to the point: let's do that and wait to see if the field >>> demand justifies expending lots of sweat on anything smarter. Given >>> that we've gone this long with only allowing numeric IPs in pg_hba.conf, >>> I suspect we'll find that few people really care. >>> > > I don't see that this argument really makes all that much sense- not > doing it properly and then waiting to see if people use it isn't exactly > how I'd go about finding out if people want it. > > It depends on what you define as "properly". If you want to include the use of wildcards, then you need a heck of a lot more logic and processing. But we've hardly had people banging on the doors demanding this. cheers andrew
В списке pgsql-hackers по дате отправления: