Re: Why don't we allow DNS names in pg_hba.conf?
From | Jon Jensen |
---|---|
Subject | Re: Why don't we allow DNS names in pg_hba.conf? |
Date | |
Msg-id | Pine.LNX.4.64.0601031247100.20979@ybpnyubfg.ybpnyqbznva |
In reply to | Re: Why don't we allow DNS names in pg_hba.conf? (Tino Wildenhain <tino@wildenhain.de>) |
List | pgsql-hackers |
On Tue, 3 Jan 2006, Tino Wildenhain wrote:

>>> One thing that bothers me slightly is that we would need to look up each
>>> name (at least until we found a match) for each connection. If you had
>>> lots of names in your pg_hba.conf that could be quite a hit.
>>
>> A possible answer to that is to *not* look up the names from
>> pg_hba.conf, but instead restrict the feature to matching the
>> reverse-DNS name of the client. This limits the cost to one lookup per
>> connection instead of N (and it'd be essentially free if you have
>> log_hostnames turned on, since we already do that lookup in that case).
>
> Or alternatively (documented) scan and translate the names
> only on restart or sighup. This would limit the overhead
> and changes to the confile-scanner only and would
> at least enable symbolic names in the config files.
> (Of course w/o any wildcards - that would be the drawback)

That's what I suggested yesterday, but others didn't like it and the
possibility of using /etc/hosts or a name server on the local network to
mitigate speed concerns makes me think they're right.

Jon

--
Jon Jensen
End Point Corporation
http://www.endpoint.com/
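
The three lookup strategies weighed in this thread, as an added sketch that is not part of the original message and is not PostgreSQL code: it counts resolver calls per connection for each approach and shows why translating names at reload rules out wildcards. The resolver class, function names, and host/address data are all constructed for illustration.

```python
import fnmatch

# Constructed sample data: a stub standing in for DNS so the sketch runs offline.
FORWARD = {"app1.example.com": "192.0.2.10",
           "app2.example.com": "192.0.2.11",
           "db-admin.example.com": "192.0.2.20"}
REVERSE = {ip: name for name, ip in FORWARD.items()}

class CountingResolver:
    """Hypothetical resolver wrapper that counts every lookup it performs."""
    def __init__(self):
        self.lookups = 0
    def forward(self, name):
        self.lookups += 1
        return FORWARD.get(name)
    def reverse(self, ip):
        self.lookups += 1
        return REVERSE.get(ip)

def match_forward_per_connection(names, client_ip, dns):
    """Resolve each configured name until one matches: up to N lookups."""
    for name in names:
        if dns.forward(name) == client_ip:
            return True
    return False

def match_reverse(patterns, client_ip, dns):
    """One reverse lookup per connection; wildcard patterns are possible."""
    host = dns.reverse(client_ip)
    return host is not None and any(fnmatch.fnmatch(host, p) for p in patterns)

def translate_at_reload(names, dns):
    """Resolve names once at restart/SIGHUP; a wildcard has no address."""
    allowed = set()
    for name in names:
        if "*" in name:
            raise ValueError("wildcard cannot be translated: " + name)
        ip = dns.forward(name)
        if ip is not None:
            allowed.add(ip)
    return allowed

def match_translated(allowed, client_ip):
    """Connection-time check against pre-resolved addresses: zero lookups."""
    return client_ip in allowed
```

Addresses resolved at reload stay fixed until the next restart or SIGHUP, so a DNS change is not seen by `match_translated` until then.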