On Tue, 2004-04-06 at 08:23, Richard Huxton wrote:
> On Tuesday 06 April 2004 12:10, Fabien COELHO wrote:
> >
> > I'm thinking of allowing advices about incoherent or dangerous "host base
> > authentification" configurations. I would like to access pg_hba.conf
> > from within the database. However, I could not find any pg_catalog that
> > would fit my needs.
> >
> > - am I missing something? I'm afraid not, but "yes" would be good news;-)
>
> Not
>
> > - is it a design principle that this information is not available,
> > or just a lack of time and/or need up to know?
> > would it make sense to add such a view?
>
> I believe the thinking is that you want to check whether someone is allowed to
> connect to the database without having to connect to the database. If someone
> were to make bad connection attempts, they could easily run a denial of
> service against your DB (whether intentionally or just due to an application
> bug).
>
I think that's one of the reasons it is implemented in a .conf file
(check archives, it was just discussed again recently) but that doesn't
answer the question of "why isn't the pg_hba.conf viewable from inside
the database" ? Seems a valid question since we show postgresql.conf
info database side.
Robert Treat
--
Build A Brighter Lamp :: Linux Apache {middleware} PostgreSQL