On Fri, 2003-10-17 at 07:23, Bruce Momjian wrote:
> Neil Conway wrote:
> > On Thu, 2003-10-16 at 12:54, Josh Berkus wrote:
> > > While one could write a utility in Postgres to create/process the file, the
> > > "live" version of pg_hba.conf *must* be outside the database. If our ACL
> > > was in the database, then how would we know who has the rights to read the
> > > ACL?
> >
> > I don't see why this is a show-stopping problem. Can you elaborate?
>
> We don't want to fire up a backend until we know this is a valid user.
> You could easily bring a server to a standstill by just sending false
> connection requests. Sure, you can still do that by flooding the
> machine, but a database lookup is significantly more expensive than
> checking a connection packet.
<devils advocate>
why not hav a guc available in postgresql.conf that switches
authentication from a pg_hba.conf file to a pg_hba table inside the
database? this would allow people to choose a database based
authentication scheme if their willing to shoulder the "risks" involved,
and would prevent database lockout since you could always flip the guc
and restart the database to authenticate against the file to allow
admins back into the system
</devils advocate>
Robert Treat
--
Build A Brighter Lamp :: Linux Apache {middleware} PostgreSQL
