Thread: pg_hba.conf view from the database?
Dear hackers, I'm still developing some advisor views to give advices about tables, database settings and so in postgresql. I'm thinking of allowing advices about incoherent or dangerous "host base authentification" configurations. I would like to access pg_hba.conf from within the database. However, I could not find any pg_catalog that would fit my needs. - am I missing something? I'm afraid not, but "yes" would be good news;-) - is it a design principle that this information is not available, or just a lack of time and/or need up to know? would itmake sense to add such a view? Thanks in advance, -- Fabien Coelho - coelho@cri.ensmp.fr
On Tuesday 06 April 2004 12:10, Fabien COELHO wrote: > > I'm thinking of allowing advices about incoherent or dangerous "host base > authentification" configurations. I would like to access pg_hba.conf > from within the database. However, I could not find any pg_catalog that > would fit my needs. > > - am I missing something? I'm afraid not, but "yes" would be good news;-) Not > - is it a design principle that this information is not available, > or just a lack of time and/or need up to know? > would it make sense to add such a view? I believe the thinking is that you want to check whether someone is allowed to connect to the database without having to connect to the database. If someone were to make bad connection attempts, they could easily run a denial of service against your DB (whether intentionally or just due to an application bug). -- Richard Huxton Archonet Ltd
> > - is it a design principle that this information is not available, > > or just a lack of time and/or need up to know? > > would it make sense to add such a view? > > I believe the thinking is that you want to check whether someone is > allowed to connect to the database without having to connect to the > database. This is not the actual usage I have in mind, but this could be a possible usage for such a view. -- Fabien Coelho - coelho@cri.ensmp.fr
On Tue, 2004-04-06 at 08:23, Richard Huxton wrote:
> On Tuesday 06 April 2004 12:10, Fabien COELHO wrote:
> >
> > I'm thinking of allowing advices about incoherent or dangerous "host base
> > authentification" configurations. I would like to access pg_hba.conf
> > from within the database. However, I could not find any pg_catalog that
> > would fit my needs.
> >
> > - am I missing something? I'm afraid not, but "yes" would be good news;-)
>
> Not
>
> > - is it a design principle that this information is not available,
> > or just a lack of time and/or need up to know?
> > would it make sense to add such a view?
>
> I believe the thinking is that you want to check whether someone is allowed to
> connect to the database without having to connect to the database. If someone
> were to make bad connection attempts, they could easily run a denial of
> service against your DB (whether intentionally or just due to an application
> bug).
>
I think that's one of the reasons it is implemented in a .conf file
(check archives, it was just discussed again recently) but that doesn't
answer the question of "why isn't the pg_hba.conf viewable from inside
the database" ? Seems a valid question since we show postgresql.conf
info database side.
Robert Treat
--
Build A Brighter Lamp :: Linux Apache {middleware} PostgreSQL