From: | Rodrigo Gonzalez <rjgonzale(dot)lists(at)gmail(dot)com> |
---|---|
To: | "Joshua D(dot) Drake" <jd(at)commandprompt(dot)com> |
Cc: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, pgsql-hackers <pgsql-hackers(at)postgresql(dot)org> |
Subject: | Re: Bad error message on valuntil |
Date: | 2013-06-07 20:12:47 |
Message-ID: | 20130607171247.0a496f01@rjgonzale-laptop |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-hackers |
On Fri, 07 Jun 2013 13:07:21 -0700
"Joshua D. Drake" <jd(at)commandprompt(dot)com> wrote:
>
> On 06/07/2013 12:31 PM, Tom Lane wrote:
> > "Joshua D. Drake" <jd(at)commandprompt(dot)com> writes:
> >> On 06/07/2013 11:57 AM, Tom Lane wrote:
> >>> I think it's intentional that we don't tell the *client* that
> >>> level of detail.
> >
> >> Why? That seems rather silly.
> >
> > The general policy on authentication failure reports is that we
> > don't tell the client anything it doesn't know already about what
> > the auth method is. We can log additional info into the postmaster
> > log if it seems useful to do so, but the more you tell a client,
> > the more you risk undesirable info leakage to a bad guy. As an
> > example here, reporting the valuntil condition would be acking to
> > an attacker that he had the right password.
>
> So security by obscurity? Alright, without getting into that argument
> how about we change the error message to:
>
> FATAL: Authentication failed: Check server log for specifics
>
> And then we make sure we log proper info?
+1
From | Date | Subject | |
---|---|---|---|
Next Message | Hannu Krosing | 2013-06-07 20:21:12 | Re: Freezing without write I/O |
Previous Message | Joshua D. Drake | 2013-06-07 20:07:21 | Re: Bad error message on valuntil |