Re: [PATCH] Add inline comments to the pg_hba_file_rules view
| От | Daniel Gustafsson |
|---|---|
| Тема | Re: [PATCH] Add inline comments to the pg_hba_file_rules view |
| Дата | |
| Msg-id | E543222B-DE8D-4116-BA67-3C2D3FA83110@yesql.se обсуждение исходный текст |
| Ответ на | Re: [PATCH] Add inline comments to the pg_hba_file_rules view (Jim Jones <jim.jones@uni-muenster.de>) |
| Ответы |
Re: [PATCH] Add inline comments to the pg_hba_file_rules view
|
| Список | pgsql-hackers |
> On 26 Sep 2023, at 20:40, Jim Jones <jim.jones@uni-muenster.de> wrote: > Do you think that this feature is in general not a good idea? I wouldn't rule it out as a bad idea per se. As always when dealing with access rules and pg_hba there is a security angle to consider, but I think that could be addressed. > Or perhaps a different annotation method would address your concerns? An annotation syntax specifically for this would address my concern, but the argument that pg_hba (and related code) is border-line too complicated as it is does hold some water. Complexity in code can lead to bugs, but complexity in syntax can lead to misconfigurations or unintentional infosec leaks which is usually more problematic. I would propose to not worry about code and instead just discuss a potential new format for annotations, and only implement parsing and handling once something has been agreed upon. This should be in a new thread however to ensure visibility, since it's beyond the subject of this thread. -- Daniel Gustafsson
В списке pgsql-hackers по дате отправления: