| From: | Bruce Momjian <pgman(at)candle(dot)pha(dot)pa(dot)us> |
|---|---|
| To: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
| Cc: | PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: elog() patch |
| Date: | 2002-03-03 02:46:05 |
| Message-ID: | 200203030246.g232k5P12522@candle.pha.pa.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Tom Lane wrote:
> Bruce Momjian <pgman(at)candle(dot)pha(dot)pa(dot)us> writes:
> > Is this what you were looking for? I set client_min_messages to the max
> > of debug5 and the output is attached.
>
> If the DBA wants to do that, I don't have a problem with it. I'm
> wondering what happens if an unprivileged user tries to do it,
> via either PGOPTIONS or Peter's new user/database-local options.
>
> Please note also that I'm wondering about the messages emitted during
> an authorization *failure*, not a successful connection.
You ask a very good question here. I never tested authentication with
debug sent to the client. The answer is that it doesn't work without
the attached patch. Now, I am not about to apply this because it does
change getNotice() to an extern and moves its prototype to libpq-int.h.
This is necessary because I now use getNotice() in fe-connect.c.
The second issue is that this isn't going to work for pre-7.2 clients
because the protocol doesn't expect 'N' messages during the
authentication phase. I think we can live with a client_min_messages
level of debug* not working on old clients, though we should make a
mention of it in the release notes.
And finally, here is the output from a failed password login with the
patch applied:
$ psql test
Password:
DEBUG: received password packet with len=12, pw=lkjasdf
DEBUG: received password packet with len=12, pw=lkjasdf
psql: FATAL: Password authentication failed for user "postgres"
Basically it echoes the failed password back to the user. Again, this
is only with client_min_messages set to debug1-5. I don't know how to
fix this because we specifically set things up so the client could see
everything the server logs see. I wonder if echoing the failed password
into the logs is a good idea either. I don't think so.
Someone please advise on patch application. Are there other places that
don't expect a NOTICE in the middle of a protocol handshake?
--
Bruce Momjian | http://candle.pha.pa.us
pgman(at)candle(dot)pha(dot)pa(dot)us | (610) 853-3000
+ If your life is a hard drive, | 830 Blythe Avenue
+ Christ can be your backup. | Drexel Hill, Pennsylvania 19026
| Attachment | Content-Type | Size |
|---|---|---|
| unknown_filename | text/plain | 2.9 KB |
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Rod Taylor | 2002-03-03 03:15:16 | plpgsql Field of Record issue |
| Previous Message | Tom Lane | 2002-03-02 23:19:54 | Re: elog() patch |