Re: [HACKERS] Enabling replication connections by default in pg_hba.conf
From | Petr Jelinek |
---|---|
Subject | Re: [HACKERS] Enabling replication connections by default in pg_hba.conf |
Date | |
Msg-id | f6abd754-37b2-5cc8-af35-25fbf9795ae4@2ndquadrant.com |
In reply to | Re: [HACKERS] Enabling replication connections by default in pg_hba.conf (Simon Riggs <simon@2ndquadrant.com>) |
List | pgsql-hackers |
On 02/02/17 14:32, Simon Riggs wrote:
> On 23 January 2017 at 04:29, Michael Paquier <michael.paquier@gmail.com> wrote:
>> Hi all,
>>
>> As now wal_level = replica has become the default for Postgres 10,
>> could we consider as well making replication connections enabled by
>> default in pg_hba.conf?
>
> Agreed
>
>> This requires just uncommenting a couple of
>> lines in pg_hba.conf.sample.
>
> I don't think that is the right way to do this. Changing the default
> doesn't reduce the complexity.
>
> I think we should remove the "replication" false database concept in
> pg_hba.conf altogether and allow any valid pg_hba rule to invoke a
> replication connection, if one is requested. Roles would still need
> the REPLICATION capability before this would be allowed. Having both
> of those things doesn't materially improve security control.
>

+1

> It would also be useful to be able to prevent users with REPLICATION
> capability from connecting as normal users, if they are marked as
> NOLOGIN.
>

+1

--
Petr Jelinek http://www.2ndQuadrant.com/
PostgreSQL Development, 24x7 Support, Training & Services
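As an illustration of the rule matching discussed in this thread (an added example, not part of the original message and not PostgreSQL code): with the "replication" database keyword in place, only pg_hba.conf lines that name it admit physical replication connections, so those are the lines to review before enabling them by default. The sample file contents, the role name `repuser` and the function names are constructed for the example; it assumes CIDR-style addresses with no separate netmask column and no quoted fields.

```python
# Constructed sample pg_hba.conf; "repuser" is a made-up role name.
SAMPLE_HBA = """\
# TYPE  DATABASE         USER      ADDRESS        METHOD
local   all              all                      peer
host    all              all       127.0.0.1/32   md5
#host   replication      postgres  127.0.0.1/32   md5
host    replication      repuser   10.0.0.0/8     trust
host    replication      all       0.0.0.0/0      md5
host    app,replication  repuser   ::1/128        md5
"""

WEAK_METHODS = {"trust", "password"}      # no auth / cleartext password
OPEN_ADDRESSES = {"0.0.0.0/0", "::/0", "all"}

def replication_rules(text):
    """Active replication rules as (lineno, type, user, address, method)."""
    rules = []
    for lineno, line in enumerate(text.splitlines(), 1):
        fields = line.split("#", 1)[0].split()   # drop comments
        if len(fields) < 4:
            continue
        conn_type, database, user = fields[:3]
        # "all" does not match physical replication connections, so only
        # an explicit "replication" entry counts here.
        if "replication" not in database.split(","):
            continue
        if conn_type == "local":                 # local rules have no address
            address, method = "", fields[3]
        elif len(fields) >= 5:
            address, method = fields[3], fields[4]
        else:
            continue
        rules.append((lineno, conn_type, user, address, method))
    return rules

def audit(text):
    """Return (lineno, [reasons]) for replication rules worth reviewing."""
    findings = []
    for lineno, _type, user, address, method in replication_rules(text):
        reasons = []
        if method in WEAK_METHODS:
            reasons.append("weak auth method: " + method)
        if address in OPEN_ADDRESSES:
            reasons.append("matches any client address")
        if user == "all":
            reasons.append("open to every role holding REPLICATION")
        if reasons:
            findings.append((lineno, reasons))
    return findings
```

Calling `audit(SAMPLE_HBA)` flags lines 5 and 6 of the sample and leaves the loopback-only md5 rule on line 7 alone.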