Fujii Masao wrote:
> On Fri, Oct 31, 2008 at 11:12 PM, Heikki Linnakangas
> <heikki.linnakangas@enterprisedb.com> wrote:
>> AFAICS, there's no security, at all. Anyone that can log in, can become a
>> WAL sender, and receive all WAL for the whole cluster.
>
> One simple solution is to define the database only for replication. In
> this solution,
> we can handle the authentication for replication like the usual database access.
> That is, pg_hba.conf, the cooperation with a database role, etc are
> supported also
> in replication. So, a user can set up the authentication rules easily.
You mean like a pseudo database name in pg_hba.conf, and in the startup
message, that actually means "connect for replication"? Yeah, something
like that sounds reasonable to me.
> ISTM that there> is no advantage which separates authentication for replication from
the existing> mechanism.
Agreed.
-- Heikki Linnakangas EnterpriseDB http://www.enterprisedb.com