On Wed, Dec 23, 2015 at 12:56 PM, Haribabu Kommi <kommi.harib...@gmail.com>
wrote:

> On Wed, Dec 23, 2015 at 8:54 PM, Shulgin, Oleksandr
> <oleksandr.shul...@zalando.de> wrote:
> >
> > 1. Have you considered re-loading the HBA file upon call to this function in
> > a local context instead of keeping it in the backend's memory?  I do not
> > expect that the revert of 1e24cf645d24aab3ea39a9d259897fd0cae4e4b6 would be
> > accepted, as the commit message refers to potential security problems with
> > keeping this data in backend memory:
> >
> >     ... This saves a
> >     probably-usually-negligible amount of space per running backend.  It also
> >     avoids leaving potentially-security-sensitive data lying around in memory
> >     in processes that don't need it.  You'd have to be unusually paranoid to
> >     think that that amounts to a live security bug, so I've not gone so far as
> >     to forcibly zero the memory; but there surely isn't a good reason to keep
> >     this data around.
>
> Yes, it is possible to load the file locally whenever the lookup
> function is called.
> Only thing I am considering is performance impact because of huge file load
> whenever the function is called.
>

Not sure why you call it huge.  Anyway since this is going to be used to
debug connection problems, I would expect the performance impact to be
insignificant.

On the other hand, re-loading the HBA file in the function will enable the
DBA to test if a proposed change to the HBA file fixes the client problem
without making the server reload the config.

> > 3. What happens with special keywords for database column like
> > sameuser/samerole/samegroup and for special values in the user column?
>
> There is no special handling for the keywords in this approach. Based on the
> inputs to the function, it checks for the matched line in all hba lines.
>
> For example, if a configuration line contains 'all' for database and user names,
> then if user gives any database name and user name this line will be matched
> and returned.
>

Now I wonder why you are trying to re-implement the checks found in hba.c's
check_hba() instead of extending this function to provide textual reason(s)
for skipping/rejection?

--
Alex
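
The matching behaviour discussed in this thread, as an added example that is not part of the original messages or of PostgreSQL's hba.c: a simplified Python model of first-match lookup that handles the `all`, `sameuser`, `samerole`/`samegroup` and `+role` keywords and records a textual reason for every skipped line. The rule tuples, the role-membership table and all function names are constructed for illustration.

```python
import ipaddress

# Constructed sample rules (database, user, address, method); not from the thread.
SAMPLE_HBA = [
    ("sameuser", "all", "10.0.0.0/8", "md5"),
    ("samerole", "all", "10.0.0.0/8", "md5"),
    ("sales,hr", "+analysts", "192.168.1.0/24", "md5"),
    ("all", "all", "0.0.0.0/0", "reject"),
]
# Constructed role membership: role name -> set of member role names.
SAMPLE_MEMBERS = {"analysts": {"bob"}, "sales": {"carol"}}

def is_member(user, role, members):
    """A role counts as a member of itself, otherwise consult the table."""
    return user == role or user in members.get(role, set())

def db_mismatch(spec, db, user, members):
    """Return None if the database field matches, else the reason it does not."""
    for tok in spec.split(","):
        if tok == "all" or tok == db:
            return None
        if tok == "sameuser" and db == user:
            return None
        if tok in ("samerole", "samegroup") and is_member(user, db, members):
            return None
    return f"database '{db}' not matched by '{spec}' for user '{user}'"

def user_mismatch(spec, user, members):
    """Return None if the user field matches, else the reason it does not."""
    for tok in spec.split(","):
        if tok == "all" or tok == user:
            return None
        if tok.startswith("+") and is_member(user, tok[1:], members):
            return None
    return f"user '{user}' not matched by '{spec}'"

def explain(rules, db, user, addr, members):
    """Walk rules in order; return (first matching line number or None, trace)."""
    trace = []
    for n, (dbs, users, cidr, method) in enumerate(rules, 1):
        why = db_mismatch(dbs, db, user, members) or user_mismatch(users, user, members)
        if why is None and ipaddress.ip_address(addr) not in ipaddress.ip_network(cidr):
            why = f"address {addr} outside {cidr}"
        if why is None:
            trace.append(f"line {n}: matched, method {method}")
            return n, trace
        trace.append(f"line {n}: skipped, {why}")
    return None, trace
```

Calling `explain(SAMPLE_HBA, "sales", "bob", "192.168.1.7", SAMPLE_MEMBERS)` returns line 3 together with the reasons lines 1 and 2 were skipped, which is the kind of output a DBA debugging a connection problem would read.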
