Re: Better auth errors from libpq

From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To: David Fetter <david(at)fetter(dot)org>
Cc: PG Hackers <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: Better auth errors from libpq
Date: 2008-09-12 02:59:40
Message-ID: 23264.1221188380@sss.pgh.pa.us
Lists: pgsql-hackers

David Fetter <david(at)fetter(dot)org> writes:
> This isn't exactly informative to newbies, so I'm proposing a patch
> like that attached for such failures. Instead of seeing that
> mysterious message, they'd get something like this:

> psql: FATAL: Ident authentication failed for user "root"
> HINT: Is pg_hba.conf set properly on the server?

Seems pretty useless. What does "set properly" mean? There isn't even
any good reason to think that the solution to most auth failures is to
change pg_hba.conf, so I'd bet that this hint is wrong far more often
than it's right.

You have to recall also that we deliberately suppress details in auth
failure messages sent to the client, since they might provide useful
clues to someone trying to break in. Admittedly, the above is so
content-free that it gives no aid or comfort to an attacker, but
I don't see that it provides any to a novice DBA either.

regards, tom lane
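
The split this message describes, between what a failed login tells the client and what the server records for the DBA, shown as an added example (not PostgreSQL's code and not from the thread). The `authenticate` helper, the account table and the log wording are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample accounts (a real server stores password hashes). */
struct account { const char *user; const char *secret; };
static const struct account accounts[] = { {"alice", "s3cret"}, {"bob", "hunter2"} };

typedef struct {
    int  ok;
    char client_msg[128];  /* goes over the wire to the connecting peer */
    char log_msg[256];     /* goes to the server log only */
} auth_report;

/* Hypothetical helper: check a login attempt and fill in both messages. */
void authenticate(const char *user, const char *secret, auth_report *out)
{
    const char *reason = "role does not exist";
    size_t i;

    out->ok = 0;
    out->client_msg[0] = out->log_msg[0] = '\0';
    for (i = 0; i < sizeof accounts / sizeof accounts[0]; i++) {
        if (strcmp(accounts[i].user, user) != 0)
            continue;
        /* strcmp keeps the sketch short; compare hashes in constant time. */
        if (strcmp(accounts[i].secret, secret) == 0)
            out->ok = 1;
        else
            reason = "password does not match";
        break;
    }
    if (out->ok)
        return;
    /* Client text uses only what the client supplied; the reason stays local. */
    snprintf(out->client_msg, sizeof out->client_msg,
             "FATAL: password authentication failed for user \"%s\"", user);
    snprintf(out->log_msg, sizeof out->log_msg,
             "password authentication failed for user \"%s\": %s", user, reason);
}

int main(void)
{
    auth_report r;
    authenticate("mallory", "x", &r);   /* unknown role */
    printf("client: %s\nlog:    %s\n", r.client_msg, r.log_msg);
    authenticate("alice", "x", &r);     /* known role, wrong password */
    printf("client: %s\nlog:    %s\n", r.client_msg, r.log_msg);
    return 0;
}
```

Both failures produce the same shape of client message, so the reply does not reveal whether the role exists; the distinguishing reason appears only in the log line.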
