Brian Hurt wrote:
> There are two advantages to having pg_hba.conf a file and not a table:
> 1) It allows me to configure access permissions *before* bringing up the
> database, and
No problem -- just set tight default permissions in the first place.
(We do have an initdb switch to control this, actually).
> 2) If I screw up and forget the postgres password, I can set local host
> to "trust", log in, and change it.
No problem -- stop the postmaster, start a standalone backend, change
the password, restart. This is the fix we suggest for when you revoke
superuserness from all users, for example.
The only problem with this solution is that it requires a restart,
whereas the one you propose only requires you to reload. But then, if
you reload with very open permissions to be able to change the password,
do you really want to be allowing anybody else near the database?
--
Alvaro Herrera http://www.CommandPrompt.com/
The PostgreSQL Company - Command Prompt, Inc.