On Thu, Aug 8, 2013 at 2:39 PM, Tom Lane <t...@sss.pgh.pa.us> wrote: > h...@tbz-pariv.de writes: >> For easier deployment it would be nice to have an include_dir directive in >> pg_hba.conf. > > This doesn't seem like a remarkably good idea from here, mainly because > entries in pg_hba.conf are critically order-dependent. Dropping random > entries into a conf.d-like directory could produce unexpected results > --- and in this case, "unexpected result" probably means "security > failure".
If they are random, yes. You could easliy define them as ordered though, by strict alphabetical ordering etc. It's still a pretty decently sized footgun for people though, and I'm not sure how useful it would actually be. And with the risk of misconfiguration being a security hole rather than a badly configured database (which would be the problem with a simliar thing for postgresql.conf). Perhaps the OP has a specific usecase to share where this would actually be both safe and useful? -- Magnus Hagander Me: http://www.hagander.net/ Work: http://www.redpill-linpro.com/ -- Sent via pgsql-bugs mailing list (pgsql-bugs@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-bugs
