There is something to be said though with the security of not allowing the daemon to alter pg_hba.conf. What I think would work is a two step auth process that uses a pg_hba table then falls back to pg_hba.conf if there is no match. This keeps the complete security of preventing compromised database from altering the text file.
Magnus Hagander wrote: > Gavin M. Roy wrote: >> I think for one, mysql uses tables for all of its access control. >> Coding plesk/cpanel to modify pg_hba.conf and rehup postgres would take >> a bit more work, I would imagine. > > In a lot of environments, it'd certainly be impossible, at least until > we make it possible to edit the config files remote... (oops, recap of > endless amounts of discussions on letting pgadmin do that..)
Well more to the point. There really is zero reason why we can't have a table representation of pg_hba_conf that is the pg_hba.conf file that has triggers that right out the file.
> >> Do we really want to pursue making PostgreSQL easier to admin for the >> non-system admin? Cpanel and plesk and like tools are pretty far down >> the list of important things to support or code for. > > If we want to make inroads into shared-hosting environments, it would > certainly help...
It is not just shared hosting... dedicated hosting starts as little as 69.00 with Cpanel :)...
Note that I am not advocating making it easier for Cpanel. I am just making a point that it is not limited to shared hosting.
I am however advocating that it is pretty dumb that our conf files are *required* as a little text file on the filesystem and can not be managed via the database.
Joshua D. Drake
> > //Magnus > > ---------------------------(end of broadcast)--------------------------- > TIP 6: explain analyze is your friend >
--
=== The PostgreSQL Company: Command Prompt, Inc. === Sales/Support: +1.503.667.4564 || 24x7/Emergency: +1.800.492.2240 Providing the most comprehensive PostgreSQL solutions since 1997 http://www.commandprompt.com/
