I agree. Security is a good reason to have the pg_hba.conf around. I guess it would make the TODO item a bit harder to develop hence one has to read and write the file to support the future SQL commands too. I also looked at the code for a moment; perhaps using a yacc/lex mechanism would make things easier to develop the TODO item. Like creating a simple parser for the config file to be able to read and/or update it.
Regards,
Gevik.

> On Thursday 06 April 2006 09:45, Gevik Babakhani wrote:
>> Hello Folks,
>>
>> This may be a dumb question but please bear a moment with me.
>> About the TODO item %Allow pg_hba.conf settings to be controlled via
>> SQL: If in the future we could configure the settings by SQL commands,
>> assuming the settings are saved in an internal table, what would be the
>> need for a pg_hba.conf file anymore. (except for the backward
>> compatibility of course)
>>
>
> I've generally been keeping the idea around as a foot-gun saver for when
> people lock themselves out of the database via the sql commands; this could
> give them a fall back mechanism to do authentication without something more
> drastic.
>
> I think some people might also prefer the pg_hba.conf method as more secure,
> since it requires local access to modify, making remote exploits a wee bit
> harder (admin tools that provide this functionality not-withstanding)
>
> --
> Robert Treat
> Build A Brighter Lamp :: Linux Apache {middleware} PostgreSQL
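
Added example, not part of the original thread and not PostgreSQL's own code: a minimal Python reader for pg_hba.conf records that checks whether a proposed rule set would leave the superuser with no Unix-socket way in, the lock-out case raised in the thread. It assumes CIDR-style addresses only (no separate netmask column) and approximates the file's quoting with `shlex`; all function names are hypothetical.

```python
import shlex

# Constructed sample file contents, not taken from any real server.
SAMPLE = """\
# TYPE  DATABASE  USER      ADDRESS        METHOD
local   all       postgres                 peer
local   all       all                      md5
host    all       all       127.0.0.1/32   md5
"""

HOST_TYPES = {"host", "hostssl", "hostnossl"}

def parse_hba(text):
    """Parse pg_hba.conf text into rule dicts, kept in file order."""
    rules = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        f = shlex.split(raw, comments=True)  # drops '#' comments, honours quotes
        if not f:
            continue
        if f[0] == "local" and len(f) >= 4:
            rule = dict(type=f[0], db=f[1], user=f[2], addr=None, method=f[3], opts=f[4:])
        elif f[0] in HOST_TYPES and len(f) >= 5:
            rule = dict(type=f[0], db=f[1], user=f[2], addr=f[3], method=f[4], opts=f[5:])
        else:
            raise ValueError(f"line {lineno}: unrecognised record: {raw!r}")
        rules.append(rule)
    return rules

def _matches(field, name):
    # Simplification: only "all" and comma-separated literal names are handled.
    return any(item in ("all", name) for item in field.split(","))

def first_local_match(rules, db, user):
    """Records are tried in order and the first match decides; return it or None."""
    for r in rules:
        if r["type"] == "local" and _matches(r["db"], db) and _matches(r["user"], user):
            return r
    return None

def locks_out(rules, db="postgres", user="postgres"):
    """True if `user` has no usable Unix-socket entry into `db`."""
    r = first_local_match(rules, db, user)
    return r is None or r["method"] == "reject"
```

Running `locks_out` on a proposed rule set before it is written back is one way a tool that updates the file could refuse a change that removes the local fall-back.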