Re: pg_hba.conf: samehost and samenet [REVIEW]
| От | Mark Mielke |
|---|---|
| Тема | Re: pg_hba.conf: samehost and samenet [REVIEW] |
| Дата | |
| Msg-id | 4ABA94C6.90504@mark.mielke.cc обсуждение исходный текст |
| Ответ на | Re: pg_hba.conf: samehost and samenet [REVIEW] (Robert Haas <robertmhaas@gmail.com>) |
| Список | pgsql-hackers |
If looking for representation - I consider the default pg_hba.conf to be problematic. Newbies start with "trust" access, and then do silly things to open it up. I would use samehost, and if samenet worked the same way it does for Postfix, I would probably use samenet. This information can be pulled from the operating system, and the requirement for it to be hard-coded in pg_hba.conf is inconvenient at best, and problematic at worst. Yes, renumbering requires some thought - but I prefer applications that do the majority of this thought for me over applications that require me to do mundane activities. I would also use DNS in pg_hba.conf if it were available. I can see some of the issues with this (should it be mapped to IP right away, or should it be re-evaluated every time?), but ultimately the feature would be useful, and would be widely used. Especially once we get to IPv6, specification of the addresses will become a horrible chore, and solutions which require the IPv6 address to be spelled out will be painful to use. Both of these are generally one time costs for me. They are a pain, but most of us suck it up and swallow. It hasn't been on my list of itches that I just have to scratch. Remember, though, that the majority of PostgreSQL users are not represented on this list, and my pain here might be acceptable, but a newbie will probably either turn away or do something wrong. Better to give them a sensible configuration from the start from, and allow the experts to specify IP addresses if that is what they want to do. Cheers, mark -- Mark Mielke<mark@mielke.cc>
В списке pgsql-hackers по дате отправления: