2015-02-28 2:40 GMT+01:00 Tom Lane <t...@sss.pgh.pa.us>:

> Stephen Frost <sfr...@snowman.net> writes:
> > I understand that there may be objections to that on the basis that it's
> > work that's (other than for this case) basically useless,
>
> Got it in one.
>
> I'm also not terribly happy about leaving security-relevant data sitting
> around in backend memory 100% of the time. We have had bugs that exposed
> backend memory contents for reading without also granting the ability to
> execute arbitrary code, so I think doing this does represent a
> quantifiable decrease in the security of pg_hba.conf.
>

Stephen's proposal changes nothing in security. These data are in memory now. The only difference is that these data will be fresh.

Regards

Pavel

>
> regards, tom lane
>