Tom Lane wrote:
>"Andrew Dunstan" <andrew@dunslane.net> writes:
>
>
>>Tom Lane said:
>>
>>
>>>On an implementation level, where are you thinking of enforcing this?
>>>
>>>
>
>
>
>>Without digging deeply at all I thought probably in the postmaster.
>>
>>
>
>Nah, that's a nonstarter, because the postmaster has basically no
>information about its children except for their PIDs and cancel keys.
>In particular it does not know which database or user each one is for,
>and really can't because the connection request packet is not input
>from the client connection until after fork().
>
>AFAICS there's really no other way to get this information than by
>looking in shared memory. The PGPROC array already has info about
>connected databases. I don't think it stores info about session user,
>but that would be an easy and cheap addition.
>
>
>
>>I'm not at all dogmatic about using pg_hba.conf - it just seemed similar
>>to the info we carry there.
>>
>>
>
>It's not necessarily a bad idea; we'd just need to adjust our theory
>about when the cached pg_hba.conf data can be freed.
>
>
>
Did we reach a concensus about how this should be done? From a config
file? If so, should it be pg_hba.conf? Or from a table?
cheers
andrew