Re: [HACKERS] Enabling replication connections by default in pg_hba.conf

From Simon Riggs
Subject Re: [HACKERS] Enabling replication connections by default in pg_hba.conf
Date
Msg-id CANP8+jLroScN4dgb4RfAEx1pXkjNhF5869cSQ5eP3PCutNXQ=Q@mail.gmail.com
In response to [HACKERS] Enabling replication connections by default in pg_hba.conf  (Michael Paquier <michael.paquier@gmail.com>)
Responses Re: [HACKERS] Enabling replication connections by default in pg_hba.conf  (Petr Jelinek <petr.jelinek@2ndquadrant.com>)
Re: [HACKERS] Enabling replication connections by default in pg_hba.conf  (Peter Eisentraut <peter.eisentraut@2ndquadrant.com>)
List pgsql-hackers
On 23 January 2017 at 04:29, Michael Paquier <michael.paquier@gmail.com> wrote:
> Hi all,
>
> As now wal_level = replica has become the default for Postgres 10,
> could we consider as well making replication connections enabled by
> default in pg_hba.conf?

Agreed

> This requires just uncommenting a couple of
> lines in pg_hba.conf.sample.

I don't think that is the right way to do this. Changing the default
doesn't reduce the complexity.

I think we should remove the "replication" false database concept in
pg_hba.conf altogether and allow any valid pg_hba rule to invoke a
replication connection, if one is requested. Roles would still need
the REPLICATION capability before this would be allowed. Having both
of those things doesn't materially improve security control.

It would also be useful to be able to prevent users with REPLICATION
capability from connecting as normal users, if they are marked as
NOLOGIN.

-- 
Simon Riggs                http://www.2ndQuadrant.com/
PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services
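
An added illustration, not part of the message above and not PostgreSQL project code: a small audit that lists the active pg_hba.conf rules whose database column carries the `replication` keyword discussed in this thread, and flags the ones that use `trust` or accept any source address. The sample file, the role name `repl_user`, the addresses and the function names are all constructed for the example; quoted tokens and `@file` includes are not handled.

```python
# Constructed sample, modelled on the commented-out replication lines the
# thread refers to. Role names and addresses are made up.
SAMPLE_HBA = """\
# TYPE  DATABASE        USER            ADDRESS                 METHOD
local   all             all                                     peer
host    all             all             127.0.0.1/32            md5
#local   replication     postgres                                trust
host    replication     repl_user       10.0.0.0/24             md5
host    replication     all             0.0.0.0/0               trust
hostssl app,replication repl_user       192.0.2.10 255.255.255.255 md5
"""

WIDE_OPEN = {"0.0.0.0/0", "::/0", "all"}


def replication_rules(hba_text):
    """Return (lineno, type, user, address, method) for every active rule
    whose database field contains the `replication` keyword."""
    found = []
    for lineno, raw in enumerate(hba_text.splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()  # drop comments, tokenize
        # `all` in the database column does not match physical replication
        # connections, so only the explicit keyword counts here.
        if len(fields) < 4 or "replication" not in fields[1].split(","):
            continue
        conn_type, user = fields[0], fields[2]
        if conn_type == "local":
            address, method = None, fields[3]  # local rules have no address
        elif len(fields) >= 6 and (fields[4][0].isdigit() or ":" in fields[4]):
            # "IP NETMASK" form: the mask occupies its own field.
            address, method = " ".join(fields[3:5]), fields[5]
        elif len(fields) >= 5:
            address, method = fields[3], fields[4]
        else:
            continue  # malformed host line
        found.append((lineno, conn_type, user, address, method))
    return found


def risky(rule):
    """Flag rules that skip authentication or accept any source address."""
    _, _, _, address, method = rule
    return method == "trust" or address in WIDE_OPEN


if __name__ == "__main__":
    for rule in replication_rules(SAMPLE_HBA):
        print("REVIEW" if risky(rule) else "ok    ", rule)
```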


