On 2011-06-15 05:01, Bruce Momjian wrote:
You might remember we added a postmaster/postgres -b switch to indicate
binary upgrade mode. The attached patch prevents any client without an
application_name of 'binary-upgrade' from connecting to the cluster
while it is binary upgrade mode. This helps prevent unauthorized users
from connecting during the upgrade. This will not help for clusters
that do not have the -b flag, e.g. pre-9.1.
Does this seem useful? Something for 9.1 or 9.2?
This idea came from Andrew Dunstan via IRC during a pg_upgrade run by
Stephen Frost when some clients accidentally connected. (Stephen reran
pg_upgrade successfully.)
Couldn't the -b flag also imply a very strict hba.conf configuration, that
essentially only lets pg_upgrade in..?
--
Jesper
--
Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-hackers
