On 23 January 2017 at 04:29, Michael Paquier <michael.paqu...@gmail.com> wrote:

> Hi all,
>
> As now wal_level = replica has become the default for Postgres 10,
> could we consider as well making replication connections enabled by
> default in pg_hba.conf?

Agreed

> This requires just uncommenting a couple of
> lines in pg_hba.conf.sample.

I don't think that is the right way to do this. Changing the default doesn't reduce the complexity.

I think we should remove the "replication" false database concept in pg_hba.conf altogether and allow any valid pg_hba rule to invoke a replication connection, if one is requested. Roles would still need the REPLICATION capability before this would be allowed. Having both of those things doesn't materially improve security control.

It would also be useful to be able to prevent users with REPLICATION capability from connecting as normal users, if they are marked as NOLOGIN.

--
Simon Riggs http://www.2ndQuadrant.com/
PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services