Re: how to secure pg_hba.conf - Mailing list pgsql-general

From Tom Lane
Subject Re: how to secure pg_hba.conf
Date
Msg-id 1693764.1669922975@sss.pgh.pa.us
In response to Re: how to secure pg_hba.conf  ("David G. Johnston" <david.g.johnston@gmail.com>)
List pgsql-general
"David G. Johnston" <david.g.johnston@gmail.com> writes:
> On Thu, Dec 1, 2022 at 11:36 AM Rizwan Shaukat <rizwan.shaukat@hotmail.com>
> wrote:
>> we have requirement from security to secure pg_hba.conf file was encryption
>> or password protected on server to protect ip visibility because these
>> server access by application and they can amend as well. how we can achieve it
>> please

> You cannot with the present implementation of the system - pg_hba.conf is
> read by the PostgreSQL process as a file.  I do not think the server is
> prepared for that file to be some kind of program whose stdout is the
> contents and you could arrange for that program to do whatever it is you'd
> like.

Even more to the point: if you are afraid of hostile actors being able
to access files inside your data directory, it seems to me that
pg_hba.conf is very far down the list of things to worry about.  What's
to stop the same actors from examining/modifying other configuration
files, or even the actual database contents?  If you don't think your
data directory is secure, you have problems that Postgres can't fix.

            regards, tom lane
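
An added example, not part of the message above and not PostgreSQL project code: a small audit of the filesystem permissions the reply points to as the real control, covering the data directory and any configuration files inside it. The function names, the file list, and the demo directory are assumptions made for illustration; the only PostgreSQL fact relied on is that the data directory must be mode 0700, or 0750 when group access is enabled (PostgreSQL 11 and later).

```python
import os
import stat
import tempfile

# Data directory modes PostgreSQL accepts: 0700, or 0750 with group access.
ALLOWED_DIR_MODES = {0o700, 0o750}
# Config files that may live in the data directory (hypothetical check list).
CONFIG_FILES = ("pg_hba.conf", "pg_ident.conf", "postgresql.conf")


def audit_pgdata(pgdata, expected_uid=None):
    """Return a list of findings; an empty list means nothing was flagged."""
    expected_uid = os.geteuid() if expected_uid is None else expected_uid
    findings = []
    st = os.stat(pgdata)
    mode = stat.S_IMODE(st.st_mode)
    if mode not in ALLOWED_DIR_MODES:
        findings.append(f"{pgdata}: mode {mode:04o}, expected 0700 or 0750")
    if st.st_uid != expected_uid:
        findings.append(f"{pgdata}: owner uid {st.st_uid}, expected {expected_uid}")
    for name in CONFIG_FILES:
        path = os.path.join(pgdata, name)
        try:
            fst = os.lstat(path)
        except FileNotFoundError:
            continue  # config files can be kept outside the data directory
        fmode = stat.S_IMODE(fst.st_mode)
        if fst.st_uid != expected_uid:
            findings.append(f"{path}: owner uid {fst.st_uid}, expected {expected_uid}")
        if fmode & (stat.S_IWGRP | stat.S_IWOTH):
            findings.append(f"{path}: writable by group or others ({fmode:04o})")
        if fmode & stat.S_IROTH:
            findings.append(f"{path}: readable by others ({fmode:04o})")
    return findings


def demo():
    """Audit a constructed data directory with weak modes, then tightened."""
    with tempfile.TemporaryDirectory() as pgdata:
        hba = os.path.join(pgdata, "pg_hba.conf")
        with open(hba, "w") as fh:
            fh.write("host all all 10.0.0.0/24 scram-sha-256\n")  # constructed
        os.chmod(pgdata, 0o755)
        os.chmod(hba, 0o666)
        before = audit_pgdata(pgdata)
        os.chmod(pgdata, 0o700)
        os.chmod(hba, 0o600)
        after = audit_pgdata(pgdata)
    return before, after


if __name__ == "__main__":
    for label, result in zip(("before", "after"), demo()):
        print(label, result)
```

On a real server, run it as the account that owns the cluster, or pass that account's uid as `expected_uid`.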


