"David G. Johnston" <david.g.johnston@xxxxxxxxx> writes: > On Thu, Dec 1, 2022 at 11:36 AM Rizwan Shaukat <rizwan.shaukat@xxxxxxxxxxx> > wrote: >> we hv requiremnt from security to secure pg_hba.conf file was encryption >> or password protected on server to protect ip visibilty because these >> server access by application n thy can amend as well. how we can achive it >> pls > You cannot with the present implementation of the system - pg_hba.conf is > read by the PostgreSQL process as a file. I do not think the server is > prepared for that file to be some kind of program whose stdout is the > contents and you could arrange for that program to do whatever it is you'd > like. Even more to the point: if you are afraid of hostile actors being able to access files inside your data directory, it seems to me that pg_hba.conf is very far down the list of things to worry about. What's to stop the same actors from examining/modifying other configuration files, or even the actual database contents? If you don't think your data directory is secure, you have problems that Postgres can't fix. regards, tom lane
