Обсуждение: How to configer the pg_hba record which the database name with "\n" ?
Hi all, I've come across an issue within pg_hba configuration which it seems cannot not set the record of a database name where there is a newline(\n) in the name. I created the database whihin psql like this: create database "ab cd"; I have tried all the following records, but seems not to work: local "ab\ncd "user auth-method local "ab\\\ncd "user auth-method local "ab cd "user auth-method Does PostgreSQL 9.2's client authentication support to match the database name with "\n" ? Cheers -- -------------------------------------------------- Hu Xiaoming MAIL : huxm@cn.fujitsu.com --------------------------------------------------
huxm wrote > where there is a > newline(\n) in the name. I can't imagine why you would want to use non-printing characters in a name, especially a database name. Even if the hba.conf file was able to interpret it (which it probably cannot but I do not know for certain) client interfaces are likely to have problems as well. Most of these would not think of interpolating a database identifier in that manner but instead treat the name as a literal value. Even when line-continuations are allowed they are often cosmetic in nature and the resultant newline is discarded during the pre-execution phase of the command interpreter. Arguably having a check constraint on the catalog to prohibit such a name would be more useful than trying to make such a construct functional. I'd guess in the immediate term the users accessing this database would need to have "all" as their target and then you use role-based authorization to limit which specific databases are accessible. David J. -- View this message in context: http://postgresql.1045698.n5.nabble.com/How-to-configer-the-pg-hba-record-which-the-database-name-with-n-tp5765847p5765889.html Sent from the PostgreSQL - hackers mailing list archive at Nabble.com.
Re: Re: How to configer the pg_hba record which the database name with "\n" ?
От
Bruce Momjian
Дата:
On Thu, Aug 1, 2013 at 07:26:38AM -0700, David Johnston wrote: > huxm wrote > > where there is a > > newline(\n) in the name. > > I can't imagine why you would want to use non-printing characters in a name, > especially a database name. Even if the hba.conf file was able to interpret > it (which it probably cannot but I do not know for certain) client > interfaces are likely to have problems as well. Most of these would not > think of interpolating a database identifier in that manner but instead > treat the name as a literal value. Even when line-continuations are allowed > they are often cosmetic in nature and the resultant newline is discarded > during the pre-execution phase of the command interpreter. > > Arguably having a check constraint on the catalog to prohibit such a name > would be more useful than trying to make such a construct functional. > > I'd guess in the immediate term the users accessing this database would need > to have "all" as their target and then you use role-based authorization to > limit which specific databases are accessible. I suppose the cleanest solution would be to allow a \n or a backslash for line continuation, but I don't think pg_hba.conf supports those. -- Bruce Momjian <bruce@momjian.us> http://momjian.us EnterpriseDB http://enterprisedb.com + It's impossible for everything to be true. +
Re: Re: How to configer the pg_hba record which the database name with "\n" ?
От
Andrew Dunstan
Дата:
On 08/07/2013 04:12 PM, Bruce Momjian wrote: > On Thu, Aug 1, 2013 at 07:26:38AM -0700, David Johnston wrote: >> huxm wrote >>> where there is a >>> newline(\n) in the name. >> I can't imagine why you would want to use non-printing characters in a name, >> especially a database name. Even if the hba.conf file was able to interpret >> it (which it probably cannot but I do not know for certain) client >> interfaces are likely to have problems as well. Most of these would not >> think of interpolating a database identifier in that manner but instead >> treat the name as a literal value. Even when line-continuations are allowed >> they are often cosmetic in nature and the resultant newline is discarded >> during the pre-execution phase of the command interpreter. >> >> Arguably having a check constraint on the catalog to prohibit such a name >> would be more useful than trying to make such a construct functional. >> >> I'd guess in the immediate term the users accessing this database would need >> to have "all" as their target and then you use role-based authorization to >> limit which specific databases are accessible. > I suppose the cleanest solution would be to allow a \n or a backslash > for line continuation, but I don't think pg_hba.conf supports those. > It doesn't. I really think this comes into the category of "don't do that!" The most we should do is document the pain that names with embedded newlines can cause. cheers andrew