Re: Better auth errors from libpq

From: Markus Wanner <markus(at)bluegap(dot)ch>
To: David Fetter <david(at)fetter(dot)org>
Cc: Joshua Drake <jd(at)commandprompt(dot)com>, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, PG Hackers <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: Better auth errors from libpq
Date: 2008-09-12 08:08:56
Message-ID: 48CA2398.1040403@bluegap.ch
Lists: pgsql-hackers

Hi,

David Fetter wrote:
> I'm all for something, and that's a much better something. What we
> have now--nothing--actively distresses newbies for no good reason.
>
> I don't know how many people we've lost right at that point, but the
> number has to be high, as most people don't just hop into IRC with
> their problem.

Maybe something much more specific, i.e. triggering only if one tried to
connect via localhost or unix sockets, and only if one tried to
authenticate as 'root' without a password.

The hint should IMO say something like: "The default superuser is
postgres, not root". Something that's useful for this specific case and
doesn't disturb in others. And something that's public knowledge, which
any reasonably serious attacker already knows anyway.

Maybe also point out that the unix user is chosen by default. Assuming
that most of these users didn't explicitly type 'root' and are wondering
where that 'root' user came from.

Regards

Markus Wanner
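The trigger condition and hint proposed above, written out as an added C example that is not part of this thread or of libpq itself; the helper names, the loopback/socket-path test and any hint wording beyond the quoted sentence are assumptions:

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not libpq code): true when the host setting means a
 * local connection, i.e. an unset host, a Unix-socket directory or loopback. */
static bool is_local_connection(const char *host)
{
    if (host == NULL || host[0] == '\0' || host[0] == '/')
        return true;                      /* default or explicit socket dir */
    return strcmp(host, "localhost") == 0 ||
           strcmp(host, "127.0.0.1") == 0 ||
           strcmp(host, "::1") == 0;
}

/* The narrow trigger from the mail: local connection, user 'root',
 * and no password supplied. Anything else gets no hint at all. */
bool root_hint_applies(const char *host, const char *user, const char *password)
{
    return is_local_connection(host) &&
           user != NULL && strcmp(user, "root") == 0 &&
           (password == NULL || password[0] == '\0');
}

/* Build the error text: the server's message plus, only when the trigger
 * fires, the hint. user_was_defaulted records whether 'root' was typed or
 * picked up from the OS user (assumed flag). Returns characters written. */
int format_auth_error(char *out, size_t outlen, const char *server_msg,
                      const char *host, const char *user, const char *password,
                      bool user_was_defaulted)
{
    if (!root_hint_applies(host, user, password))
        return snprintf(out, outlen, "%s", server_msg);
    return snprintf(out, outlen,
                    "%s\nHINT: The default superuser is postgres, not root.%s",
                    server_msg,
                    user_was_defaulted
                        ? " The user name was taken from your operating-system"
                          " user because none was given."
                        : "");
}
```

Nothing in the hint goes beyond what any reader of the documentation already knows, which is what keeps it from being an information leak to a remote caller; the host check alone already excludes remote connections.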
