"Wolff, Ken L" <ken.l.wolff@xxxxxxxx> writes: > I do understand what you described about locking down access through pg_hba.conf, so only authorized users/applications can connect. That makes a lot of sense and I’m going to take it forward to our Information Security organization. However, in case they won’t budge from this requirement, can someone tell me what would be the best way to submit this as a feature request? Simply edit the PostgreSQL Wiki ToDo page (https://wiki.postgresql.org/wiki/Todo) or is there some other method. It's been discussed, but it's quite unlikely that we'd add features in this area. The project position is that if you have such requirements, you can address them by using external authentication management, like LDAP or PAM. If we tried to take this on board, first we'd have a bunch of problems with scope creep (because there are so many different random requirements that people might have), and second we'd have a bunch of architectural issues with where to keep the relevant state. It can't be ordinary database state --- at least not if you'd like to use the feature on read-only slave servers, and even a single server would have issues executing a transaction from a not-logged-in session --- but then where *do* we keep it, and how would an admin see or adjust the state? It's a can of worms we don't really care to open, especially when there are perfectly good solutions already available outside PG proper. regards, tom lane