On 2023-01-24 Tu 08:50, Robert Haas wrote: > > What do you think about something in the spirit of a > reverse-pg_hba.conf? The idea being that PostgreSQL facilities that > make outbound connections are supposed to ask it whether those > connections are OK to initiate. Then you could have a default > configuration that basically says "don't allow loopback connections" > or "require passwords all the time" or whatever we like, and the DBA > can change that as desired. We could teach dblink, postgres_fdw, and > CREATE SUBSCRIPTION to use this new thing, and third-party code could > adopt it if it likes. >
I kinda like this idea, especially if we could specify the context that rules are to apply in. e.g. postgres_fdw, mysql_fdw etc. I'd certainly give it an outing in the redis_fdw if appropriate. cheers andrew -- Andrew Dunstan EDB: https://www.enterprisedb.com
