On Fri, Jun 13, 2008 at 08:51:19PM +0100, Simon Riggs wrote:

> The best of both ideas would be to have an option inside pg_hba.conf to
> indicate when lookup occurs. Some parts of a network are static, others
> are not, so a global option would not be useful.

We would point and laugh at people who thought that something was "static" inside PostgreSQL, and depended on that for something critical without some pretty heavy-duty locks. Are we really proposing to offer an authentication mechanism that depends on something as flimsy as hostname lookups in the DNS, and then not insist that the bare minimum of integrity check ("I checked this DNS lookup at connection time") is the rule?

DNS is a distributed database. Surely the least we can demand is that the lookup happen when the naive think it will (i.e., at the time the connection from that hostname happens).

> If the user knows a portion of their network is static,

If there were the slightest evidence that users historically believed in such "knowledge" correctly, then I might have some sympathy for this. The fact is that DNS (at least without DNSSEC) is one of the areas in which sysadmins have the worst record of trust to this day. I think we'd be fools to encourage such trust.

If you don't look up at _least_ at connection time, this feature should be rejected on the grounds that it opens a new authentication hole a mile wide.

A

-- 
Andrew Sullivan
[EMAIL PROTECTED]
+1 503 667 4564 x104
http://www.commandprompt.com/

-- 
Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org)
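The two positions in the thread can be put side by side in code. The following added example is not from the thread and is not PostgreSQL's own implementation of hostname rules; it models a pg_hba.conf-style host rule checked the way the message argues for (reverse lookup at connection time, then a forward lookup that must confirm the client address) next to the "static network" shortcut (resolve the rule's host once when the file is loaded). The DNS data is a constructed in-memory zone so the example runs offline; the zone layout, the function names and the `readdress` helper are assumptions made for the illustration, and the addresses are documentation ranges, not real hosts.

```python
"""Connection-time, forward-confirmed hostname check vs. a load-time snapshot.

Added example, not PostgreSQL code. Lookups go through an injectable in-memory
zone so the example runs offline; a real check would use the system resolver
(socket.gethostbyaddr / socket.getaddrinfo) at the moment a connection arrives.
"""
import copy

# Constructed zone data for the example (documentation addresses, not real hosts).
ZONE = {
    # reverse (PTR) records: address -> name
    "ptr": {
        "192.0.2.10": "app1.example.com",
        # A reverse zone the server does not control can claim any name it likes:
        "192.0.2.99": "app1.example.com",
        "198.51.100.7": "bastion.example.com",
    },
    # forward (A) records: name -> addresses
    "forward": {
        "app1.example.com": ["192.0.2.10"],
        "bastion.example.com": ["198.51.100.7"],
    },
}


def reverse_lookup(zone, ip):
    return zone["ptr"].get(ip)


def forward_lookup(zone, name):
    return zone["forward"].get(name, [])


def name_matches_rule(name, rule_host):
    """pg_hba-style match: a leading dot means 'any host under this domain'."""
    name = name.lower().rstrip(".")
    rule_host = rule_host.lower()
    if rule_host.startswith("."):
        return name.endswith(rule_host)
    return name == rule_host


def check_at_connect(client_ip, rule_host, zone=ZONE):
    """Evaluate a host rule at connection time. Returns (accepted, reason).

    Nothing here is cached: every decision is made against what DNS says now,
    and the name obtained from the PTR record must resolve back to the client.
    """
    name = reverse_lookup(zone, client_ip)
    if name is None:
        return False, "no PTR record for client address"
    if not name_matches_rule(name, rule_host):
        return False, f"reverse name {name!r} does not match rule {rule_host!r}"
    if client_ip not in forward_lookup(zone, name):
        return False, f"forward lookup of {name!r} does not contain {client_ip}"
    return True, f"{client_ip} confirmed as {name}"


class ResolvedOnceRule:
    """The 'static network' shortcut: resolve the rule's host once at load time
    and compare bare addresses afterwards. Whatever DNS does later is invisible."""

    def __init__(self, rule_host, zone=ZONE):
        self.rule_host = rule_host
        self.addresses = set(forward_lookup(zone, rule_host))  # snapshot

    def accepts(self, client_ip):
        return client_ip in self.addresses


def readdress(zone, name, old_ip, new_ip):
    """Hypothetical helper: return a copy of `zone` in which `name` has moved to
    `new_ip` and `old_ip` has been released (its PTR record is gone)."""
    z = copy.deepcopy(zone)
    z["forward"][name] = [new_ip]
    z["ptr"].pop(old_ip, None)
    z["ptr"][new_ip] = name
    return z


def demo():
    """Compare both strategies after app1.example.com changes address."""
    static_rule = ResolvedOnceRule("app1.example.com")  # snapshot before the move
    after = readdress(ZONE, "app1.example.com", "192.0.2.10", "192.0.2.11")
    return {
        "live_new": check_at_connect("192.0.2.11", "app1.example.com", after)[0],
        "live_old": check_at_connect("192.0.2.10", "app1.example.com", after)[0],
        "static_new": static_rule.accepts("192.0.2.11"),
        "static_old": static_rule.accepts("192.0.2.10"),
    }


if __name__ == "__main__":
    for ip in ("192.0.2.10", "192.0.2.99", "203.0.113.5"):
        print(ip, check_at_connect(ip, "app1.example.com"))
    print(demo())
```

Two things fall out of running it. The forward confirmation is what stops the `192.0.2.99` client, whose reverse zone claims the trusted name but whose name does not resolve back to it; a check that stopped at the PTR record would have let it in. And once the host moves, the load-time snapshot keeps accepting the released address (`static_old`) while rejecting the host's real new one (`static_new`), which is the "authentication hole" the message describes: the rule is now trusting whoever holds an address the operator believed was static.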