Re: pg_hba.conf view from the database? - Mailing list pgsql-hackers

From Robert Treat
Subject Re: pg_hba.conf view from the database?
Date
Msg-id 1081273477.31785.81.camel@camel
Whole thread Raw
In response to Re: pg_hba.conf view from the database?  (Richard Huxton <dev@archonet.com>)
List pgsql-hackers
On Tue, 2004-04-06 at 08:23, Richard Huxton wrote:
> On Tuesday 06 April 2004 12:10, Fabien COELHO wrote:
> >
> > I'm thinking of allowing advices about incoherent or dangerous "host base
> > authentification" configurations. I would like to access pg_hba.conf
> > from within the database. However, I could not find any pg_catalog that
> > would fit my needs.
> >
> > - am I missing something? I'm afraid not, but "yes" would be good news;-)
> 
> Not
> 
> > - is it a design principle that this information is not available,
> >   or just a lack of time and/or need up to know?
> >   would it make sense to add such a view?
> 
> I believe the thinking is that you want to check whether someone is allowed to 
> connect to the database without having to connect to the database. If someone 
> were to make bad connection attempts, they could easily run a denial of 
> service against your DB (whether intentionally or just due to an application 
> bug).
> 

I think that's one of the reasons it is implemented in a .conf file
(check archives, it was just discussed again recently) but that doesn't
answer the question of "why isn't the pg_hba.conf viewable from inside
the database" ?  Seems a valid question since we show postgresql.conf
info database side.

Robert Treat
-- 
Build A Brighter Lamp :: Linux Apache {middleware} PostgreSQL



pgsql-hackers by date:

Previous
From: Bruce Momjian
Date:
Subject: Re: Function to kill backend
Next
From: Josh Berkus
Date:
Subject: Re: Function to kill backend