From: | Heikki Linnakangas <hlinnakangas(at)vmware(dot)com> |
---|---|
To: | Viswanatham kirankumar <viswanatham(dot)kirankumar(at)huawei(dot)com>, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Christoph Berg <cb(at)df7cb(dot)de> |
Cc: | PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org> |
Subject: | Re: [TODO] Process pg_hba.conf keywords as case-insensitive |
Date: | 2014-08-21 07:42:14 |
Message-ID: | 53F5A2D6.2050208@vmware.com |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-hackers |
On 07/23/2014 09:14 AM, Viswanatham kirankumar wrote:
>> On 16 July 2014 23:12, Tom Lane wrote
>>> Christoph Berg <cb(at)df7cb(dot)de> writes:
>>> Re: Viswanatham kirankumar 2014-07-16
>>> <EC867DEF52699D4189B584A14BAA7C2165440538(at)blreml504-mbx(dot)china(dot)huawei(dot)com>
>>>> Attached patch is implementing following TODO item Process
>>>> pg_hba.conf keywords as case-insensitive
>
>>> Hmm. I see a case for accepting "ALL" (as in hosts.allow(5)), so +1 on
>>> that, but I don't think the other keywords like "host" and "peer"
>>> should be valid in upper case.
>
>> I think the argument was that SQL users are accustomed to thinking that keywords are
>> case-insensitive. It makes sense to me that we should adopt that same convention in pg_hba.conf.
>
>> Re-reading the original thread, there was also concern about whether
>> we should try to make quoting/casefolding behave more like it does in SQL,
>> specifically for matching pg_hba.conf items to SQL identifiers (database and role names).
>> This patch doesn't seem to have addressed that part of it, but I think we need to think those
>> things through before we just do a blind s/strcmp/pg_strcasecmp/g. Otherwise we might
>> find that we've added ambiguity that will give us trouble when we do try to fix that.
>
> I had updated as per you review comments
>
> 1) database and role names behave similar to SQL identifiers (case-sensitive / case-folding).
>
> 2) users and user-groups only requires special handling and behavior as follows
> Normal user :
> A. unquoted ( USER ) will be treated as user ( downcase ).
> B. quoted ( "USeR" ) will be treated as USeR (case-sensitive).
> C. quoted ( "+USER" ) will be treated as normal user +USER (i.e. will not be considered as user-group) and case-sensitive as string is quoted.
> User Group :
> A. unquoted ( +USERGROUP ) will be treated as +usergruop ( downcase ).
> B. plus quoted ( +"UserGROUP" ) will be treated as +UserGROUP (case-sensitive).
>
> 3) Host name is not a SQL object so it will be treated as case-sensitive
> except for all, samehost, samenet are considered as keywords.
> For these user need to use quotes to differentiate between hostname and keywords.
>
> 4) All the fixed keywords mention in pg_hba.conf and Client Authentication section will be considered as keywords
> Eg: host, local, hostssl etc..
With this patch, database (and role?) names are compared
case-insensitively. For example:
local MixedDB all trust
local mixedDB all reject
psql -d "mixedDB"
psql (9.5devel)
Type "help" for help.
mixedDB=#
That connection should've matched that 2nd line, and be rejected.
PS. Please update the docs.
- Heikki
From | Date | Subject | |
---|---|---|---|
Next Message | Jeff Davis | 2014-08-21 07:49:50 | Re: 9.5: Memory-bounded HashAgg |
Previous Message | Andrew Gierth | 2014-08-21 07:37:42 | Re: WIP Patch for GROUPING SETS phase 1 |