Re: pg_upgrade using appname to lock out other users

Robert Haas <robertmhaas@gmail.com>

From: Robert Haas <robertmhaas@gmail.com>
To: Bruce Momjian <bruce@momjian.us>
Cc: Tom Lane <tgl@sss.pgh.pa.us>, PostgreSQL-development <pgsql-hackers@postgresql.org>
Date: 2011-06-17T03:51:26Z
Lists: pgsql-hackers
On Thu, Jun 16, 2011 at 11:47 PM, Bruce Momjian <bruce@momjian.us> wrote:
> Robert Haas wrote:
>> > We can pick different options for 9.0, 9.1, and 9.2. ?(For PG 9.0
>> > probably only #1 is appropriate.)
>>
>> I don't like any of these options as well as what I already proposed.
>> I proposed a complicated approach that actually fixes the problem for
>> real; you're proposing a whole bunch of simpler approaches all of
>> which have pretty obvious holes.  We already have something that only
>> sorta works; replacing it with a different system that only sorta
>> works is not going to be a great leap forward.
>
> What is your proposal?  Write a password into a file that is read by the
> postmaster on startup and used for connections?  That would remove the
> "modify pg_hba.conf to 'trust'" step, but again only for new servers.

Yeah, as noted upthread, I'd probably create a binary_upgrade.conf
that works like recovery.conf, if it were me.

-- 
Robert Haas
EnterpriseDB: http://www.enterprisedb.com
The Enterprise PostgreSQL Company