From: | Stephen Frost <sfrost(at)snowman(dot)net> |
---|---|
To: | Magnus Hagander <magnus(at)hagander(dot)net> |
Cc: | Thomas Munro <thomas(dot)munro(at)gmail(dot)com>, k(dot)yudhveer(at)gmail(dot)com, PostgreSQL mailing lists <pgsql-bugs(at)lists(dot)postgresql(dot)org> |
Subject: | Re: BUG #16079: Question Regarding the BUG #16064 |
Date: | 2019-12-03 20:10:02 |
Message-ID: | 20191203201002.GQ6962@tamriel.snowman.net |
Lists: | pgsql-bugs pgsql-hackers |
Greetings,

* Magnus Hagander (magnus(at)hagander(dot)net) wrote:
> On Fri, Nov 15, 2019 at 5:42 AM Thomas Munro <thomas(dot)munro(at)gmail(dot)com> wrote:
>
> > On Tue, Oct 29, 2019 at 4:48 AM Stephen Frost <sfrost(at)snowman(dot)net> wrote:
> > > Uh, the user's credentials certainly are sent to the PG server.
> >
> > Perhaps we should log a warning when PostgreSQL has received a
> > password over the network without SSL. Perhaps we should log another
> > warning when PostgreSQL has sent a password over the network without
> > SSL.
>
> For the old plaintext "password" method, we log a warning when we parse the
> configuration file.
>
> Maybe we should do the same for LDAP (and RADIUS)? This seems like a better
> place to put it than to log it at every time it's received?

Seems like a reasonable approach to me though we should probably also
include details in the documentation around what this warning means,
exactly, since we probably can't write the full paragraph or more that
we'd need to inside the warning itself.

Sorry though.. where do we log that warning you're talking about wrt
the 'password' method? I just started a 13devel with 'password'
configured in pg_hba.conf and didn't see any warnings...
(commit b5273943679d22f58f1e1e269ad75e791172f557)

I'm all for adding a warning when any of these methods is used, maybe
with an optional override of "yes, I know this is bad but I don't care".

Thanks,

Stephen
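
The configuration-time check discussed in this message can be approximated outside the server by auditing pg_hba.conf directly. The following is an added example, not code from the thread or from PostgreSQL: it flags `password`, `ldap` and `radius` records that can match a connection without SSL, and goes one step further by also flagging `ldap` records whose server-to-LDAP hop is not encrypted (the second warning suggested in the quoted text). The function names and the sample file are hypothetical, and it assumes one record per line with no include files.

```python
import ipaddress
import shlex

# Methods the thread names as handing the user's password to the server.
CLEARTEXT_METHODS = {"password", "ldap", "radius"}
NON_SSL_TYPES = {"host", "hostnossl", "hostnogssenc"}  # hostssl always has SSL
CLIENT_HOP = "password may cross the client-to-server link without SSL"
LDAP_HOP = "no ldaptls=1 or ldaps: password may cross the server-to-LDAP link unencrypted"

def _is_ip(token):
    try:
        ipaddress.ip_address(token)
    except ValueError:
        return False
    return True

def ldap_hop_encrypted(options):
    opts = dict(o.split("=", 1) for o in options if "=" in o)
    return (opts.get("ldaptls") == "1" or opts.get("ldapscheme") == "ldaps"
            or opts.get("ldapurl", "").startswith("ldaps://"))

def audit_hba(text):
    """Return (line_no, type, method, reason) for each risky host record."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        fields = shlex.split(raw, comments=True)  # "quoted names", '#' comments
        if len(fields) < 5 or fields[0] == "local":  # Unix sockets: no network hop
            continue
        # TYPE DB USER ADDRESS [MASK] METHOD [OPTIONS...]; a mask parses as an IP
        idx = 5 if len(fields) > 5 and _is_ip(fields[4]) else 4
        conn_type, method, options = fields[0], fields[idx], fields[idx + 1:]
        if method in CLEARTEXT_METHODS and conn_type in NON_SSL_TYPES:
            findings.append((line_no, conn_type, method, CLIENT_HOP))
        if method == "ldap" and not ldap_hop_encrypted(options):
            findings.append((line_no, conn_type, method, LDAP_HOP))
    return findings

# Constructed sample pg_hba.conf (hosts and secrets are placeholders).
SAMPLE_HBA = '''\
# TYPE  DATABASE USER ADDRESS METHOD
local   all all peer
host    all all 10.0.0.0/8 password
hostssl all all 0.0.0.0/0 ldap ldapserver=ldap.example.net ldapprefix="cn=" ldapsuffix=", dc=example, dc=net"
host    app "app user" 192.168.1.0 255.255.255.0 radius radiusservers=10.0.0.5 radiussecrets=placeholder
hostssl all all ::/0 ldap ldapurl="ldaps://ldap.example.net/dc=example,dc=net?uid?sub"
host    all all samenet scram-sha-256
'''

for finding in audit_hba(SAMPLE_HBA):
    print("WARNING: pg_hba.conf line %d: %s %s: %s" % finding)
```
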