Hello again :)
> It doesn't seem particularly complicated: inside the connection-startup
> transaction done by InitPostgres, you could check to make sure the
> selected user has the CONNECT privilege on the selected database.
> [ looks at code... ] Actually ReverifyMyDatabase is the right place,
Hi,
Tom Lane writes:
Martijn van Oosterhout writes:
For simple systems then you could have a short pg_hba.conf to limit the
IP addresses users can connect on, and the DB stores what databases
they have access to...
Right, you'd still have a pg_hba.conf, but it would hopefully be short
and sw
Thank you very much :) :)
On Sun, 2006-04-16 at 17:08 -0400, Tom Lane wrote:
> Gevik Babakhani <[EMAIL PROTECTED]> writes:
> > On Sun, 2006-04-16 at 11:48 -0400, Tom Lane wrote:
> >> I don't think there would be any objection to adding a database-level
> >> CONNECT privilege that's checked inside
Martijn van Oosterhout writes:
> For simple systems then you could have a short pg_hba.conf to limit the
> IP addresses users can connect on, and the DB stores what databases
> they have access to...
Right, you'd still have a pg_hba.conf, but it would hopefully be short
and sweet, not doing much
Gevik Babakhani <[EMAIL PROTECTED]> writes:
> On Sun, 2006-04-16 at 11:48 -0400, Tom Lane wrote:
>> I don't think there would be any objection to adding a database-level
>> CONNECT privilege that's checked inside the database, *after* the
>> existing pg_hba.conf mechanism.
> Tom, could you please
On Sun, Apr 16, 2006 at 08:34:10PM +0200, Gevik Babakhani wrote:
> On Sun, 2006-04-16 at 11:48 -0400, Tom Lane wrote:
>
> > I don't think there would be any objection to adding a database-level
> > CONNECT privilege that's checked inside the database, *after* the
> > existing pg_hba.conf mechanism
On Sun, 2006-04-16 at 11:48 -0400, Tom Lane wrote:
> I don't think there would be any objection to adding a database-level
> CONNECT privilege that's checked inside the database, *after* the
> existing pg_hba.conf mechanism. That requires no new concepts: we
> already have databases and privilege
Martijn van Oosterhout writes:
>> there is actually no proof of the current order depency is really
>> a good idea. Other access lists work without that constraint.
> For something that may not be a good idea, it's awfully popular.
Didn't we have this entire discussion a month ago?
I don't thin
On Sun, Apr 16, 2006 at 03:37:42PM +0200, Tino Wildenhain wrote:
> > Apart from the complaint that this makes no attempt to take care of the
> > fact that entires in pg_hba.conf are order sensetive. Where is that
> > found in this syntax? What about pg_ident.conf?
>
> there is actually no proof of
...
>> 2. What do we think about the SQL command to be. Would it be like the
>> following or another syntax.
>>
>> GRANT
>> CONNECTION [LOCAL | HOST | HOSTSSL | HOSTNOSSL ]
>> ON [ ALL | mydatabase1 ]
>> TO [ ALL | user1,user2,user3 ]
>> FROM 127.0.0.1/32
>> METHOD [ TRU
On Sun, Apr 16, 2006 at 01:08:36PM +0200, Gevik Babakhani wrote:
> Folks,
>
> I would like to start a discussion regarding the TODO item "%Allow
> pg_hba.conf settings to be controlled via SQL"
> 1. What do we think about removing the pg_hba.conf functionality keeping
> the connection informati
11 matches
Mail list logo
