On Mon, Apr 19, 2010 at 4:30 PM, Tom Lane <t...@sss.pgh.pa.us> wrote: > Simon Riggs <si...@2ndquadrant.com> writes: >> Point of note on giving information to the bad guys: if a >> should-be-rejected connection request attempts to connect to a >> non-existent database, we say "database does not exist". > > Yeah. This was an acknowledged shortcoming of the changes to eliminate > flat-file storage of authentication information --- as of 9.0, it's > necessary to connect to some database in order to proceed with auth > checking. We discussed it at the time and agreed it was an acceptable > loss. > > The only way I can think of to improve that without going back to flat > files would be to develop a way for backends to switch databases after > initial startup, so that auth could be done in a predetermined database > (say, "postgres") before switching to the requested DB. This has enough > potential gotchas, in regards to catalog caching for instance, that I'm > not eager to go there.
Would it be possible to set up a skeleton environment where we can access shared catalogs only and then decide on which database we're using later? ...Robert -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers
