Fujii Masao wrote:
On Fri, Oct 31, 2008 at 11:12 PM, Heikki Linnakangas
<[EMAIL PROTECTED]> wrote:
AFAICS, there's no security, at all. Anyone that can log in, can become a
WAL sender, and receive all WAL for the whole cluster.
One simple solution is to define the database only for replication. In
this solution,
we can handle the authentication for replication like the usual database access.
That is, pg_hba.conf, the cooperation with a database role, etc are
supported also
in replication. So, a user can set up the authentication rules easily.
You mean like a pseudo database name in pg_hba.conf, and in the startup
message, that actually means "connect for replication"? Yeah, something
like that sounds reasonable to me.
> ISTM that there
> is no advantage which separates authentication for replication from
the existing
> mechanism.
Agreed.
--
Heikki Linnakangas
EnterpriseDB http://www.enterprisedb.com
--
Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-hackers