Re: pg_upgrade using appname to lock out other users
Jesper Krogh <jesper@krogh.cc>
From: Jesper Krogh <jesper@krogh.cc>
To: Bruce Momjian <bruce@momjian.us>, pgsql-hackers <pgsql-hackers@postgresql.org>
Date: 2011-06-15T05:30:14Z
Lists: pgsql-hackers
On 2011-06-15 05:01, Bruce Momjian wrote: > You might remember we added a postmaster/postgres -b switch to indicate > binary upgrade mode. The attached patch prevents any client without an > application_name of 'binary-upgrade' from connecting to the cluster > while it is binary upgrade mode. This helps prevent unauthorized users > from connecting during the upgrade. This will not help for clusters > that do not have the -b flag, e.g. pre-9.1. > > Does this seem useful? Something for 9.1 or 9.2? > > This idea came from Andrew Dunstan via IRC during a pg_upgrade run by > Stephen Frost when some clients accidentally connected. (Stephen reran > pg_upgrade successfully.) Couldn't the -b flag also imply a very strict hba.conf configuration, that essentially only lets pg_upgrade in..? -- Jesper