Re: host name support in pg_hba.conf - Mailing list pgsql-hackers

From Tom Lane
Subject Re: host name support in pg_hba.conf
Date
Msg-id 6705.1286917409@sss.pgh.pa.us
In response to Re: host name support in pg_hba.conf  (Tom Lane <tgl@sss.pgh.pa.us>)
Responses Re: host name support in pg_hba.conf
List pgsql-hackers
Peter Eisentraut <peter_e@gmx.net> writes:
>> Hopefully final patch, which addresses the above issues, adds some
>> documentation enhancements, and the possibility to quote host names (in
>> case someone wants to have a host named "samehost").

Oh, I had an idea for a small improvement to this.  It doesn't seem
unlikely that pg_hba.conf could contain multiple entries with the same
host name (but, presumably, different user and/or database names).  As
this is coded, you'll do a forward DNS lookup for each one until finding
the complete match.  You could easily prevent that by adding an
additional cache field to struct Port, along the lines of

	+1 = remote_hostname is known to resolve to client's IP address
	-1 = remote_hostname is known NOT to resolve to client's IP address
	 0 = we have not done the forward DNS lookup yet.

With this additional field we could guarantee to do not more than two
DNS lookups per connection attempt.

It also seems worth taking a second look at the order of tests in
check_hba().  I suspect that on average check_db() and check_role()
will now be much cheaper than the client IP test; should they be
done first?  Of course, if you assume that "all" is the typical
entry in those columns, this doesn't win.
        regards, tom lane
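
The tri-state cache proposed in this message, as an added example that is not part of the original post or of PostgreSQL's source. The `Port` and `HbaLine` structs, the field name `fwd_lookup_state`, the stub resolver and the sample entries are all hypothetical and constructed; the reverse lookup is assumed to have already filled in `remote_hostname`.

```c
#include <string.h>

/* Hypothetical, simplified stand-ins for struct Port and a pg_hba.conf line. */
typedef struct {
    const char *remote_hostname;  /* name from the reverse lookup of the client IP */
    const char *client_ip;
    int fwd_lookup_state;         /* +1 resolves to client IP, -1 does not, 0 unknown */
} Port;
typedef struct { const char *hostname, *database, *role; } HbaLine;

static int forward_lookups;       /* number of simulated DNS queries */

/* Constructed stub in place of a real resolver call: one known name/address pair. */
static int forward_resolves_to(const char *host, const char *ip) {
    forward_lookups++;
    return strcmp(host, "app1.example.com") == 0 && strcmp(ip, "192.0.2.10") == 0;
}

/* Hostname test that consults the per-connection cache before touching DNS. */
static int check_hostname(Port *port, const char *hba_host) {
    if (strcmp(port->remote_hostname, hba_host) != 0)
        return 0;                 /* different name: no forward lookup needed */
    if (port->fwd_lookup_state == 0)
        port->fwd_lookup_state =
            forward_resolves_to(port->remote_hostname, port->client_ip) ? +1 : -1;
    return port->fwd_lookup_state == +1;
}

static int field_matches(const char *entry, const char *actual) {
    return strcmp(entry, "all") == 0 || strcmp(entry, actual) == 0;
}

/* Constructed scenario: three entries share a host name; returns matched index or -1. */
static int demo(const char *client_ip) {
    static const HbaLine lines[] = {
        {"app1.example.com", "sales", "alice"},
        {"app1.example.com", "hr",    "bob"},
        {"app1.example.com", "all",   "carol"},
    };
    Port port = {"app1.example.com", client_ip, 0};
    forward_lookups = 0;
    for (int i = 0; i < 3; i++)
        if (check_hostname(&port, lines[i].hostname) &&
            field_matches(lines[i].database, "inventory") &&
            field_matches(lines[i].role, "carol"))
            return i;
    return -1;
}
```

The negative result is cached as well, so a client whose reverse name does not resolve back to its address costs one forward lookup however many entries name that host.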

