Re: include host names in hba error messages

On Fri, Jul 29, 2011 at 2:44 PM, Peter Eisentraut <peter_e(at)gmx(dot)net> wrote:
> On tis, 2011-07-19 at 14:17 -0400, Robert Haas wrote:
>> I think it would be less confusing to write the IP address as the main
>> piece of information, and put the hostname in parentheses only if we
>> accepted it as valid (i.e. we did both lookups, and everything
>> matched).
>>
>> ERROR: no pg_hba.conf entry for host 127.0.0.1 ("localhost"), user
>> "x", database "y"
>>
>> As for the case where we the forward lookup and reverse lookup don't
>> match, could we add that as a DETAIL?
>>
>> ERROR: no pg_hba.conf entry for host 127.0.0.1, user "x", database "y"
>> DETAIL: Forward and reverse DNS lookups do not match.
>
> On further reflection, the only way we would get a complete match host
> name is if there actually were a line in pg_hba.conf with that host
> name, but it didn't match because of other parameters.  So that would be
> quite rare, and so the error message would look one way or the other
> depending on obscure circumstances, which would be confusing.
>
> But picking up on your second suggestion, I propose instead that we put
> a note in the detail about the host name and what we know about it, if
> we know it, e.g.
>
> ERROR: no pg_hba.conf entry for host 127.0.0.1, user "x", database "y"
> DETAIL: Client IP address resolved to "localhost", forward lookup matches.
>
> I chose to use errdetail_log(), which only goes into the server log, so
> we don't expose too much about the server's DNS setup to the client.

Seems reasonable.

--
Robert Haas
EnterpriseDB: http://www.enterprisedb.com
The Enterprise PostgreSQL Company