Re: Recognizing superuser in pg_hba.conf
| От | Simon Riggs |
|---|---|
| Тема | Re: Recognizing superuser in pg_hba.conf |
| Дата | |
| Msg-id | CANP8+j+6fhDp61NbsqYPDGXsTSjP7gaA_zAqM8cvsJtDVBtZGA@mail.gmail.com обсуждение исходный текст |
| Ответ на | Re: Recognizing superuser in pg_hba.conf (Vik Fearing <vik.fearing@2ndquadrant.com>) |
| Ответы |
Re: Recognizing superuser in pg_hba.conf
|
| Список | pgsql-hackers |
On Wed, 8 Jan 2020 at 23:55, Vik Fearing <vik.fearing@2ndquadrant.com> wrote:
On 08/01/2020 23:13, Peter Eisentraut wrote:
> On 2020-01-06 17:03, Tom Lane wrote:
>> So it's not clear to me whether we have any meeting of the minds
>> on wanting this patch.
>
> This fairly far-ranging syntax reorganization of pg_hba.conf doesn't
> appeal to me. pg_hba.conf is complicated enough conceptually for
> users, but AFAICT nobody ever complained about the syntax or the
> lexical structure specifically. Assigning meaning to randomly chosen
> special characters, moreover in a security-relevant file, seems like
> the wrong way to go.
>
> Moreover, this thread has morphed from what it says in the subject
> line to changing the syntax of pg_hba.conf in a somewhat fundamental
> way. So at the very least someone should post a comprehensive summary
> of what is being proposed, instead of just attaching patches that
> implement whatever was discussed across the thread.
>
What is being proposed is what is in the Subject and the original
patch. The other patch is because Tom didn't like "the continuing creep
of pseudo-reserved database and user names" so I wrote a patch to mark
such reserved names and rebased my original patch on top of it. Only
the docs changed in the rebase. The original patch (or its rebase) is
what I am interested in.
Hopefully there will be no danger of me gaining access if I have a crafted rolename?
postgres=# create role "&backdoor";
CREATE ROLE
В списке pgsql-hackers по дате отправления: