Re: Thoughts on pg_hba.conf rejection
Robert Haas <robertmhaas@gmail.com>
From: Robert Haas <robertmhaas@gmail.com>
To: Tom Lane <tgl@sss.pgh.pa.us>
Cc: Simon Riggs <simon@2ndquadrant.com>, Stephen Frost <sfrost@snowman.net>, Bruce Momjian <bruce@momjian.us>, Aidan Van Dyk <aidan@highrise.ca>, Joshua Tolley <eggyknap@gmail.com>, pgsql-hackers@postgresql.org
Date: 2010-04-19T20:59:14Z
Lists: pgsql-hackers
On Mon, Apr 19, 2010 at 4:30 PM, Tom Lane <tgl@sss.pgh.pa.us> wrote: > Simon Riggs <simon@2ndQuadrant.com> writes: >> Point of note on giving information to the bad guys: if a >> should-be-rejected connection request attempts to connect to a >> non-existent database, we say "database does not exist". > > Yeah. This was an acknowledged shortcoming of the changes to eliminate > flat-file storage of authentication information --- as of 9.0, it's > necessary to connect to some database in order to proceed with auth > checking. We discussed it at the time and agreed it was an acceptable > loss. > > The only way I can think of to improve that without going back to flat > files would be to develop a way for backends to switch databases after > initial startup, so that auth could be done in a predetermined database > (say, "postgres") before switching to the requested DB. This has enough > potential gotchas, in regards to catalog caching for instance, that I'm > not eager to go there. Would it be possible to set up a skeleton environment where we can access shared catalogs only and then decide on which database we're using later? ...Robert