Arcadius,
> Once, I've asked about the pg_hb.conf file ....
> IMHO, writing an app for parsing/editing that file *may* be a problem
> for those who develop control panels used by web hosting companies ....
>
> IMHO, moving the info in pg_hb.conf into the DB itself may attract
> control panel developers.
While one could write a utility in Postgres to create/process the file, the
"live" version of pg_hba.conf *must* be outside the database. If our ACL
was in the database, then how would we know who has the rights to read the
ACL? Systems which store their ACLs in the database (MSSQL) are continuously
vulnerable to attacks that piggy-back on the authentication process to gain
entry to the database, e.g. the "Slammer" worm.
Also, users would risk a permanent fatal lockout if they mis-configure pg_hba.
--
Josh Berkus
Aglio Database Solutions
San Francisco