Skip site navigation (1) Skip section navigation (2)

Re: 2 forks for md5?

From: Bruce Momjian <pgman(at)candle(dot)pha(dot)pa(dot)us>
To: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
Cc: Andrew Dunstan <andrew(at)dunslane(dot)net>,PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: 2 forks for md5?
Date: 2005-09-22 23:18:28
Message-ID: (view raw, whole thread or download thread mbox)
Lists: pgsql-hackers
Tom Lane wrote:
> Bruce Momjian <pgman(at)candle(dot)pha(dot)pa(dot)us> writes:
> > I turned on passwords and did see duplicate connections:
> > 	LOG:  connection received: host=[local]
> > 	LOG:  connection received: host=[local]
> > 	LOG:  connection authorized: user=postgres database=test
> > 	LOG:  disconnection: session time: 0:00:00.61 user=postgres database=test host=[local]
> > Basically psql first tries with no password, then when it fails asking
> > for a password, it prompts for one and connects.  You will notice only
> > one "authorized:" message.  I think that is the real "connection" line,
> > rather than the "recevied" lines.  Not sure how we can improve this.  We
> > could print an "authorization failed" message.  Would that help, or just
> > be overkill?
> I think that would get people more worried rather than less so ---
> psql's customary behavior would make it look like you were being
> regularly attacked by password guessers :-(.  We do already log the
> error message in the cases where a password is actually supplied
> and is wrong, so an additional message doesn't seem very helpful.
> One answer is to downgrade the "connection received" to a DEBUGn
> message, so that it's only seen by those who presumably have something
> of a clue.  I don't really care for this, but you could certainly argue
> that the other messages are sufficient for normal purposes.

I personally think the current behavior is fine.

  Bruce Momjian                        |
  pgman(at)candle(dot)pha(dot)pa(dot)us               |  (610) 359-1001
  +  If your life is a hard drive,     |  13 Roberts Road
  +  Christ can be your backup.        |  Newtown Square, Pennsylvania 19073

In response to

pgsql-hackers by date

Next:From: Bruce MomjianDate: 2005-09-22 23:20:56
Subject: Re: 2 forks for md5?
Previous:From: Tatsuo IshiiDate: 2005-09-22 23:13:10
Subject: Re: Proposed patch to clean up signed-ness warnings

Privacy Policy | About PostgreSQL
Copyright © 1996-2018 The PostgreSQL Global Development Group