Home > mailing lists

Re: Let people set host(no)ssl settings from initdb - Mailing list pgsql-hackers

From	Tom Lane
Subject	Re: Let people set host(no)ssl settings from initdb
Date	December 12, 2019 08:23:42
Msg-id	2603.1576128222@sss.pgh.pa.us Whole thread Raw
In response to	Let people set host(no)ssl settings from initdb (David Fetter <david@fetter.org>)
Responses	Re: Let people set host(no)ssl settings from initdb (David Fetter <david@fetter.org>)
List	pgsql-hackers

Tree view

David Fetter <david@fetter.org> writes:
> I've found myself writing a lot of boilerplate pg_hba.conf entries
> along the lines of
>     hostnossl    all     all     0.0.0.0/0      reject
>     hostssl      all     all     0.0.0.0/0      md5
> so I thought I'd make it easier to do that from initdb.
> What say?

I'm pretty suspicious of loading down initdb with random configuration
options, because I think most people nowadays use PG via vendor packages
that script their calls to initdb.  So an option like this doesn't help
unless you can persuade all those vendors to pass the option through.

That problem exists even before you get to the question of whether
this specific option is useful or well-designed ... a question I'm
not opining about here, but it would certainly require thought.

            regards, tom lane

pgsql-hackers by date:

From: Thomas Munro
Date: 12 December 2019, 08:09:44
Subject: Re: Collation versioning

From: Tom Lane
Date: 12 December 2019, 08:31:52
Subject: Re: Collation versioning

Re: Let people set host(no)ssl settings from initdb - Mailing list pgsql-hackers

Previous

Next