| From: | Jim Nasby <jim(at)nasby(dot)net> |
|---|---|
| To: | Stephen Frost <sfrost(at)snowman(dot)net>, Bruce Momjian <bruce(at)momjian(dot)us> |
| Cc: | Jerry Sievers <gsievers19(at)comcast(dot)net>, Alvaro Herrera <alvherre(at)2ndquadrant(dot)com>, pgsql-hackers(at)postgresql(dot)org |
| Subject: | Re: HBA files w/include support? |
| Date: | 2014-02-16 20:41:04 |
| Message-ID: | 53012260.4010809@nasby.net |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On 2/14/14, 8:36 AM, Stephen Frost wrote:
> * Bruce Momjian (bruce(at)momjian(dot)us) wrote:
>> In an ideal world we would have a tool where you could plug in a
>> username, database, IP address, and test pg_hba.conf file and it would
>> report what line is matched.
>
> That's not a bad idea, but we don't expose the logic that figures that
> out today.. It would, perhaps, not be horrible to duplicate it, but
> then we'd need to make sure that we update both places if it ever
> changes (not that it's changed much in oh-so-many-years). Perhaps
> another candidate to be a GSoC project.
Stupid question... is there a reason we couldn't use the same code for both?
BTW, I'm not sure that SQL would be the appropriate API for this testing; but presumably it wouldn't be hard to add functionality to the wire protocol to support the case of "hypothetically, if I were to attempt a connection that looks like this, what would happen?"
--
Jim C. Nasby, Data Architect jim(at)nasby(dot)net
512.569.9461 (cell) http://jim.nasby.net
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Tom Lane | 2014-02-16 20:41:17 | Draft release notes up for review |
| Previous Message | David Beck | 2014-02-16 20:36:57 | Re: New hook after raw parsing, before analyze |