| From: | Magnus Hagander <magnus(at)hagander(dot)net> |
|---|---|
| To: | PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Reporting hba lines |
| Date: | 2012-06-27 12:54:15 |
| Message-ID: | CABUevEztu2cbVNR4ZMuTrtxWyZsPp3Y+4rYgPmaNh5N0T3E08Q@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
When debugging strange and complex pg_hba lines, it can often be quite
useful to know which line is matching a particular connection that
failed for some reason. Because more often than not, it's actually not
using the line in pg_hba.conf that's expected.
The easiest way to do this is to emit an errdetail for the login
failure, per this patch.
Question is - is that leaking information to the client that we
shouldn't be leaking?
And if it is, what would be the preferred way to deal with it? We
could put that as a detail to basically every single error message
coming out of the auth system, but that seems like a bad idea. Or we
could make a separate ereport(LOG) before send it to the client,
perhaps?
Thoughts?
--
Magnus Hagander
Me: http://www.hagander.net/
Work: http://www.redpill-linpro.com/
| Attachment | Content-Type | Size |
|---|---|---|
| hba_line.patch | application/octet-stream | 439 bytes |
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Kohei KaiGai | 2012-06-27 13:07:55 | Re: [v9.3] Row-Level Security |
| Previous Message | Robert Haas | 2012-06-27 12:47:33 | Re: pg_terminate_backend for same-role |