Re: Reporting hba lines

From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To: Magnus Hagander <magnus(at)hagander(dot)net>
Cc: PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: Reporting hba lines
Date: 2012-06-27 13:55:40
Message-ID: 29324.1340805340@sss.pgh.pa.us
Lists: pgsql-hackers

Magnus Hagander <magnus(at)hagander(dot)net> writes:
> When debugging strange and complex pg_hba lines, it can often be quite
> useful to know which line is matching a particular connection that
> failed for some reason. Because more often than not, it's actually not
> using the line in pg_hba.conf that's expected.

> The easiest way to do this is to emit an errdetail for the login
> failure, per this patch.

> Question is - is that leaking information to the client that we
> shouldn't be leaking?

Yes.

> And if it is, what would be the preferred way to deal with it?

Report to the postmaster log only. errdetail_log should do.

BTW, are you sure that auth_failed is only called in cases where
an hba line has already been identified? Even if true today,
it seems fairly risky to assume that.

regards, tom lane
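
The split discussed above, as an added sketch that is not part of the original message and is not PostgreSQL source: the matched rule is written only to the server-side log text, and the no-rule-matched case is handled explicitly. `HbaRule`, `AuthReport`, `report_auth_failure` and the message wording are hypothetical stand-ins; the sample rule is constructed.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for a matched pg_hba.conf rule. */
typedef struct {
    int         linenumber;
    const char *rawline;
} HbaRule;

/* Two separate sinks: text sent to the client, text written to the server log. */
typedef struct {
    char client[256];
    char server_log[512];
} AuthReport;

/*
 * Build a login-failure report. The client gets only the generic message.
 * The matched rule is appended to the server log text alone, and only when
 * a rule was actually identified (rule may be NULL if the failure happened
 * before any pg_hba.conf line matched).
 */
void report_auth_failure(AuthReport *out, const char *user, const HbaRule *rule)
{
    snprintf(out->client, sizeof out->client,
             "FATAL:  authentication failed for user \"%s\"", user);

    if (rule != NULL)
        snprintf(out->server_log, sizeof out->server_log,
                 "%s\nDETAIL:  matched pg_hba.conf line %d: \"%s\"",
                 out->client, rule->linenumber, rule->rawline);
    else
        snprintf(out->server_log, sizeof out->server_log, "%s", out->client);
}

int main(void)
{
    /* Constructed sample rule, for illustration only. */
    HbaRule rule = { 42, "host all all 10.0.0.0/8 md5" };
    AuthReport r;

    report_auth_failure(&r, "alice", &rule);
    printf("client sees:\n%s\n\nserver log:\n%s\n\n", r.client, r.server_log);

    report_auth_failure(&r, "alice", NULL);   /* no rule identified */
    printf("server log (no rule):\n%s\n", r.server_log);
    return 0;
}
```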
