* Tom Lane (t...@sss.pgh.pa.us) wrote:
> Stephen Frost <sfr...@snowman.net> writes:
> > I understand that there may be objections to that on the basis that it's
> > work that's (other than for this case) basically useless,
>
> Got it in one.

Meh. It's hardly all that difficult and it's not useless if the user wants to look at it.

> I'm also not terribly happy about leaving security-relevant data sitting
> around in backend memory 100% of the time. We have had bugs that exposed
> backend memory contents for reading without also granting the ability to
> execute arbitrary code, so I think doing this does represent a
> quantifiable decrease in the security of pg_hba.conf.

How is that any different from today? The only time it's not *already* in backend memory is when the user has happened to go through and make a change and used reload (instead of restart) and then it's not so much that the security sensitive information isn't there, it's just out of date.

I'm not entirely against the idea of changing how things are today, but this argument simply doesn't apply to the current state of things.

Thanks!

Stephen