>> pg_hba should become another system table that can be modified with simple
>> SQL queries, and is modifiable (readable?) only by those with createdb
>> privileges ...
> And have it dump like pg_shadow. Yea, I guess we could do that.
Yeah, the postmaster needs to see it as a flat file, but we could have
an update trigger like for pg_shadow.
I'm not convinced that it's cool to grant read rights on the table even
to those with createdb privileges. ("Wow, Joe Blow is running his
database with no connection security...") If we had a setup such that
one could only see the rows for databases one owns, it'd work. This
could be enforced by a view, perhaps, like we do for pg_user.
regards, tom lane