Participants
huxm
huxm
David Johnston
David Johnston
Bruce Momjian
Bruce Momjian
Andrew Dunstan
Andrew Dunstan
Attachments

No attachments in this thread

Thread Outline
#1huxmhuxm
Aug 01, 2013
#2David JohnstonDavid Johnstonto huxm (#1)
Aug 01, 2013
#3Bruce MomjianBruce Momjianto David Johnston (#2)
Aug 07, 2013
#4Andrew DunstanAndrew Dunstanto Bruce Momjian (#3)
Aug 07, 2013

How to configer the pg_hba record which the database name with "\n" ?

Started by huxmover 12 years ago4 messages
#1huxm
huxm
huxm@cn.fujitsu.com

Hi all,

I've come across an issue within pg_hba configuration which it seems
cannot not set the record of a database name where there is a
newline(\n) in the name.

I created the database whihin psql like this:
create database "ab
cd";

I have tried all the following records, but seems not to work:
local "ab\ncd "user auth-method
local "ab\\\ncd "user auth-method
local "ab
cd "user auth-method

Does PostgreSQL 9.2's client authentication support to match the
database name with "\n" ?

Cheers
--
--------------------------------------------------
Hu Xiaoming
MAIL : huxm@cn.fujitsu.com
--------------------------------------------------

--
Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-hackers

#2David Johnston
David Johnston
polobo@yahoo.com
In reply to: huxm (#1)
Re: How to configer the pg_hba record which the database name with "\n" ?

huxm wrote

where there is a
newline(\n) in the name.

I can't imagine why you would want to use non-printing characters in a name,
especially a database name. Even if the hba.conf file was able to interpret
it (which it probably cannot but I do not know for certain) client
interfaces are likely to have problems as well. Most of these would not
think of interpolating a database identifier in that manner but instead
treat the name as a literal value. Even when line-continuations are allowed
they are often cosmetic in nature and the resultant newline is discarded
during the pre-execution phase of the command interpreter.

Arguably having a check constraint on the catalog to prohibit such a name
would be more useful than trying to make such a construct functional.

I'd guess in the immediate term the users accessing this database would need
to have "all" as their target and then you use role-based authorization to
limit which specific databases are accessible.

David J.

--
View this message in context: http://postgresql.1045698.n5.nabble.com/How-to-configer-the-pg-hba-record-which-the-database-name-with-n-tp5765847p5765889.html
Sent from the PostgreSQL - hackers mailing list archive at Nabble.com.

--
Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-hackers

#3Bruce Momjian
Bruce Momjian
bruce@momjian.us
In reply to: David Johnston (#2)
Re: Re: How to configer the pg_hba record which the database name with "\n" ?

On Thu, Aug 1, 2013 at 07:26:38AM -0700, David Johnston wrote:

huxm wrote

where there is a
newline(\n) in the name.

I can't imagine why you would want to use non-printing characters in a name,
especially a database name. Even if the hba.conf file was able to interpret
it (which it probably cannot but I do not know for certain) client
interfaces are likely to have problems as well. Most of these would not
think of interpolating a database identifier in that manner but instead
treat the name as a literal value. Even when line-continuations are allowed
they are often cosmetic in nature and the resultant newline is discarded
during the pre-execution phase of the command interpreter.

Arguably having a check constraint on the catalog to prohibit such a name
would be more useful than trying to make such a construct functional.

I'd guess in the immediate term the users accessing this database would need
to have "all" as their target and then you use role-based authorization to
limit which specific databases are accessible.

I suppose the cleanest solution would be to allow a \n or a backslash
for line continuation, but I don't think pg_hba.conf supports those.

--
Bruce Momjian <bruce@momjian.us> http://momjian.us
EnterpriseDB http://enterprisedb.com

+ It's impossible for everything to be true. +

--
Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-hackers

#4Andrew Dunstan
Andrew Dunstan
andrew@dunslane.net
In reply to: Bruce Momjian (#3)
Re: Re: How to configer the pg_hba record which the database name with "\n" ?

On 08/07/2013 04:12 PM, Bruce Momjian wrote:

On Thu, Aug 1, 2013 at 07:26:38AM -0700, David Johnston wrote:

huxm wrote

where there is a
newline(\n) in the name.

I can't imagine why you would want to use non-printing characters in a name,
especially a database name. Even if the hba.conf file was able to interpret
it (which it probably cannot but I do not know for certain) client
interfaces are likely to have problems as well. Most of these would not
think of interpolating a database identifier in that manner but instead
treat the name as a literal value. Even when line-continuations are allowed
they are often cosmetic in nature and the resultant newline is discarded
during the pre-execution phase of the command interpreter.

Arguably having a check constraint on the catalog to prohibit such a name
would be more useful than trying to make such a construct functional.

I'd guess in the immediate term the users accessing this database would need
to have "all" as their target and then you use role-based authorization to
limit which specific databases are accessible.

I suppose the cleanest solution would be to allow a \n or a backslash
for line continuation, but I don't think pg_hba.conf supports those.

It doesn't. I really think this comes into the category of "don't do
that!" The most we should do is document the pain that names with
embedded newlines can cause.

cheers

andrew

--
Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-hackers

← Back to Topics