On Thursday 06 April 2006 09:45, Gevik Babakhani wrote:
> Hello Folks,
>
> This may be a dumb question but please bear a moment with me.
> About the TODO item %Allow pg_hba.conf settings to be controlled via
> SQL: If in the future we could configure the settings by SQL commands,
> assuming the settings are saved in an internal table, what would be the
> need for a pg_hba.conf file anymore. (except for the backward
> compatibility of cource)
>
I've generally been keeping the idea around as a foot-gun saver for when
people lock themselves out of the database via the sql commands; this could
give them a fall back mechanism to do authentication without something more
drastic.
I think some people might also prefer the pg_hba.conf method as more secure,
since it requires local access to modify, making remote exploits a wee bit
harder (admin tools that provide this functionality not-withstanding)
--
Robert Treat
Build A Brighter Lamp :: Linux Apache {middleware} PostgreSQL