Re: Providing catalog view to pg_hba.conf file - Patch submission

2015-02-27 22:26 GMT+01:00 Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>:

> Stephen Frost <sfrost(at)snowman(dot)net> writes:
> > Right, we also need a view (or function, or both) which provides what
> > the *active* configuration of the running postmaster is. This is
> > exactly what I was proposing (or what I was intending to, at least) with
> > pg_hba_active, so, again, I think we're in agreement here.
>
> I think that's going to be a lot harder than you realize, and it will have
> undesirable security implications, in that whatever you do to expose the
> postmaster's internal state to backends will also make it visible to other
> onlookers; not to mention probably adding new failure modes.
>

we can do copy of pg_hba.conf somewhere when postmaster starts or when it
is reloaded.

Later, we can read this copy from child nodes.

Is it a possibility?

Regards

Pavel

>
> There are also nontrivial semantic differences in this area between
> Windows and other platforms (ie in an EXEC_BACKEND build the current file
> contents *are* the active version). If you insist on two views you will
> need to explain why/how they act differently on different platforms.
>
> I think the proposed mechanism (ie read and return the current contents of
> the file) is just fine, and we should stop there rather than engineering
> this to death. We've survived twenty years with *no* feature of this
> sort, how is it suddenly essential that we expose postmaster internal
> state?
>
> regards, tom lane
>