When debugging strange and complex pg_hba lines, it can often be quite
useful to know which line is matching a particular connection that
failed for some reason. Because more often than not, it's actually not
using the line in pg_hba.conf that's expected.
The easiest way to do this is to emit an errdetail for the login
failure, per this patch.
Question is - is that leaking information to the client that we
shouldn't be leaking?
And if it is, what would be the preferred way to deal with it? We
could put that as a detail to basically every single error message
coming out of the auth system, but that seems like a bad idea. Or we
could make a separate ereport(LOG) before send it to the client,
Description: application/octet-stream (439 bytes)
pgsql-hackers by date
|Next:||From: Kohei KaiGai||Date: 2012-06-27 13:07:55|
|Subject: Re: [v9.3] Row-Level Security|
|Previous:||From: Robert Haas||Date: 2012-06-27 12:47:33|
|Subject: Re: pg_terminate_backend for same-role|