pg_hba.conf view from the database?
Dear hackers,
I'm still developing some advisor views to give advices about tables,
database settings and so in postgresql.
I'm thinking of allowing advices about incoherent or dangerous "host base
authentification" configurations. I would like to access pg_hba.conf
from within the database. However, I could not find any pg_catalog that
would fit my needs.
- am I missing something? I'm afraid not, but "yes" would be good news;-)
- is it a design principle that this information is not available,
or just a lack of time and/or need up to know?
would it make sense to add such a view?
Thanks in advance,
--
Fabien Coelho - coelho@cri.ensmp.fr
On Tuesday 06 April 2004 12:10, Fabien COELHO wrote:
I'm thinking of allowing advices about incoherent or dangerous "host base
authentification" configurations. I would like to access pg_hba.conf
from within the database. However, I could not find any pg_catalog that
would fit my needs.- am I missing something? I'm afraid not, but "yes" would be good news;-)
Not
- is it a design principle that this information is not available,
or just a lack of time and/or need up to know?
would it make sense to add such a view?
I believe the thinking is that you want to check whether someone is allowed to
connect to the database without having to connect to the database. If someone
were to make bad connection attempts, they could easily run a denial of
service against your DB (whether intentionally or just due to an application
bug).
--
Richard Huxton
Archonet Ltd
- is it a design principle that this information is not available,
or just a lack of time and/or need up to know?
would it make sense to add such a view?I believe the thinking is that you want to check whether someone is
allowed to connect to the database without having to connect to the
database.
This is not the actual usage I have in mind, but this could be a possible
usage for such a view.
--
Fabien Coelho - coelho@cri.ensmp.fr
On Tue, 2004-04-06 at 08:23, Richard Huxton wrote:
On Tuesday 06 April 2004 12:10, Fabien COELHO wrote:
I'm thinking of allowing advices about incoherent or dangerous "host base
authentification" configurations. I would like to access pg_hba.conf
from within the database. However, I could not find any pg_catalog that
would fit my needs.- am I missing something? I'm afraid not, but "yes" would be good news;-)
Not
- is it a design principle that this information is not available,
or just a lack of time and/or need up to know?
would it make sense to add such a view?I believe the thinking is that you want to check whether someone is allowed to
connect to the database without having to connect to the database. If someone
were to make bad connection attempts, they could easily run a denial of
service against your DB (whether intentionally or just due to an application
bug).
I think that's one of the reasons it is implemented in a .conf file
(check archives, it was just discussed again recently) but that doesn't
answer the question of "why isn't the pg_hba.conf viewable from inside
the database" ? Seems a valid question since we show postgresql.conf
info database side.
Robert Treat
--
Build A Brighter Lamp :: Linux Apache {middleware} PostgreSQL