* Joshua D. Drake (jd@commandprompt.com) wrote:
> Allow pg_hba.conf to specify host names along with IP addresses
Excellent.
> Host name lookup could occur when the postmaster reads the pg_hba.conf
> file, or when the backend starts. Another solution would be to reverse
> lookup the connection IP and check that hostname against the host names
> in pg_hba.conf. We could also then check that the host name maps to the
> IP address.
I'm inclined towards doing the reverse-DNS of the connecting IP and then
checking that the forward of that matches.
> Allow one to specify a FQDN or a simple wild card DN. E.g;
> *.commandprompt.com.
>
> A valid entry would look like this:
>
> host all all *.commandprompt.com trust
> host all all www1.postgresql.org md5
>
> Thoughts?
While a wildcard does make sense (ie: www*.postgresql.org), I would
generally expect 'commandprompt.com' to mean '*.commandprompt.com'
implicitly.
Thanks!
Stephen