Re: Should database = all in pg_hba.conf match a replication connection?
| От | Robert Haas |
|---|---|
| Тема | Re: Should database = all in pg_hba.conf match a replication connection? |
| Дата | |
| Msg-id | 4927198544210548164@unknownmsgid обсуждение исходный текст |
| Ответ на | Should database = all in pg_hba.conf match a replication connection? (Tom Lane <tgl@sss.pgh.pa.us>) |
| Ответы |
Re: Should database = all in pg_hba.conf match a
replication connection?
|
| Список | pgsql-hackers |
On Apr 20, 2010, at 7:06 PM, Tom Lane <tgl@sss.pgh.pa.us> wrote: > I spent a fair amount of time just now being confused about why > pg_hba.conf restrictions on replication connections didn't seem to be > getting enforced. After looking at the code, I realize that my entry > with database = "replication" was indeed getting rejected as not > matching, but then the hba code was falling through and matching an > entry with database = "all". This is not the behavior I expected > after > looking at the docs; the docs seem to imply that SR connections must > match an explicit replication entry in pg_hba.conf in order to > succeed. > > Should we change this? It seems to me to be a good thing on security > grounds if replication connections can't be made through a generic > pg_hba entry. +1. ...Robert
В списке pgsql-hackers по дате отправления: