Peter Eisentraut <peter_e@gmx.net> writes:
> On tis, 2011-10-18 at 18:38 -0400, Tom Lane wrote:
>> Well, an actually empty pg_hba.conf file would have the same problem,
>> and it's pretty hard to see any situation where it would be useful to
>> start the postmaster and not let it accept any connections. Should we
>> add a check to consider it an error if the file doesn't contain at least
>> one HBA record?
> If you try to connect and it doesn't find a record, it will tell you.
Yeah, but the damage is already done. I see the main practical benefit
of this being to prevent accidental loading of a trashed pg_hba file.
> I wouldn't add extra special checks for that. It might not be
> completely unreasonable to have a standby that no one can connect to,
> for example.
Well, you couldn't monitor its state then, so I don't find that example
very convincing. But if you were intent on having that, you could
easily set up a pg_hba file containing only "reject" entries.
regards, tom lane
