On Thu, 2006-03-30 at 12:43, Chris Browne wrote:
> andrew@dunslane.net (Andrew Dunstan) writes:
> > We don't have the luxury of being able just to throw out old stuff
> > because we think it might be neater to do it another way. The current
> > rules for HBA are order dependent. The issue raised as I understood it
> > was not to invent a new scheme but to be able to manage it from inside
> > a postgres session.
>
> If the need to support "legacy usage" mandates something like Svenne
> Krap's suggestion of a control flag inside pg_hba.conf, or something
> otherwise akin to Robert Treat's suggestions, then I think this *is*
> designing something new/neater.
>
> I think it would take a fair bit of work (and kludging of design) to
> build something to slavishly emulate pg_hba.conf; it seems to me that
> it is a much better thing to have an inside-the-database HBA scheme be
> based on what is a good design inside-the-database.
>
+1
Robert Treat
--
Build A Brighter Lamp :: Linux Apache {middleware} PostgreSQL
