On Thu, May 3, 2012 at 4:26 PM, Tom Lane <tgl@sss.pgh.pa.us> wrote:
> Magnus Hagander <magnus@hagander.net> writes:
>> On Thu, May 3, 2012 at 4:13 PM, Tom Lane <tgl@sss.pgh.pa.us> wrote:
>>> Magnus Hagander <magnus@hagander.net> writes:
>>>> Is there a particular reason we don't have an ALTER DATABASE switch
>>>> that controls the datallowconn, or is it just something "missed out"?
>
>>> It was never intended to be a user-accessible switch, just something to
>>> protect template0.
>
>> It can be rather useful for others as well, though - since it works as
>> a defense against superusers doing the wrong thing..
>
> I'm having a hard time seeing the use-case for a user-created database
> that nobody at all can connect to. Even if there is some marginal use
template databases.
> for that, you could achieve the result with a special entry in
> pg_hba.conf to "reject" all connection attempts for that DB.
Yeah, that would work.
--
Magnus Hagander
Me: http://www.hagander.net/
Work: http://www.redpill-linpro.com/