Re: elog() patch

From: Bruce Momjian <pgman(at)candle(dot)pha(dot)pa(dot)us>
To: Bruce Momjian <pgman(at)candle(dot)pha(dot)pa(dot)us>
Cc: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: elog() patch
Date: 2002-03-03 05:08:41
Message-ID: 200203030508.g2358fp20766@candle.pha.pa.us
Lists: pgsql-hackers

> Basically it echoes the failed password back to the user. Again, this
> is only with client_min_messages set to debug1-5. I don't know how to
> fix this because we specifically set things up so the client could see
> everything the server logs see. I wonder if echoing the failed password
> into the logs is a good idea either. I don't think so.

Crypt/MD5 authentication does output the password encrypted:

DEBUG: received password packet with len=40, pw=md515e315f11670d4ba385d0c1615476780

DEBUG: received password packet with len=40, pw=md515e315f11670d4ba385d0c1615476780

psql: FATAL: Password authentication failed for user "postgres"

However, I still don't think we should be echoing this to the server
logs or the client. There is just little value to it and potential
problems, especially with 'password' authentication.

--
Bruce Momjian | http://candle.pha.pa.us
pgman(at)candle(dot)pha(dot)pa(dot)us | (610) 853-3000
+ If your life is a hard drive, | 830 Blythe Avenue
+ Christ can be your backup. | Drexel Hill, Pennsylvania 19026
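
An added example, not part of the original message or of PostgreSQL's code: a scrubber for logs that already contain the DEBUG line quoted above. It redacts the pw= value and reports whether it had the md5 form or was cleartext. The function names and sample lines are constructed for illustration, and it assumes the pw= field runs to the end of the line, as in the quoted output.

```python
import re

# Line shape taken from the DEBUG output quoted in the message.
# Assumption: the pw= field runs to the end of the line.
PW_LINE = re.compile(r"(received password packet with len=\d+, pw=)(.*)$")
MD5_FORM = re.compile(r"md5[0-9a-f]{32}")  # "md5" followed by 32 hex digits


def scrub_line(line):
    """Return (redacted_line, kind); kind is None, 'md5' or 'cleartext'."""
    m = PW_LINE.search(line)
    if m is None:
        return line, None
    kind = "md5" if MD5_FORM.fullmatch(m.group(2)) else "cleartext"
    # Replace only the captured value so any trailing newline is preserved.
    return line[:m.start(2)] + "[REDACTED]" + line[m.end(2):], kind


def scan(lines):
    """Scrub every line; return (scrubbed_lines, [(line_number, kind), ...])."""
    scrubbed, findings = [], []
    for number, line in enumerate(lines, start=1):
        clean, kind = scrub_line(line)
        scrubbed.append(clean)
        if kind is not None:
            findings.append((number, kind))
    return scrubbed, findings


# Constructed sample input (values are made up, not taken from a real log).
SAMPLE_LOG = [
    "DEBUG: received password packet with len=40, pw=md5" + "0123456789abcdef" * 2,
    "DEBUG: received password packet with len=18, pw=not a real pw",
    'psql: FATAL: Password authentication failed for user "postgres"',
]

if __name__ == "__main__":
    cleaned, hits = scan(SAMPLE_LOG)
    for text in cleaned:
        print(text)
    for number, kind in hits:
        print(f"line {number}: logged password value ({kind})")
```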
