| From: | Jacob Champion <pchampion(at)vmware(dot)com> |
|---|---|
| To: | "michael(at)paquier(dot)xyz" <michael(at)paquier(dot)xyz> |
| Cc: | "magnus(at)hagander(dot)net" <magnus(at)hagander(dot)net>, "stark(at)mit(dot)edu" <stark(at)mit(dot)edu>, "pgsql-hackers(at)postgresql(dot)org" <pgsql-hackers(at)postgresql(dot)org>, "sfrost(at)snowman(dot)net" <sfrost(at)snowman(dot)net>, "tgl(at)sss(dot)pgh(dot)pa(dot)us" <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
| Subject: | Re: Proposal: Save user's original authenticated identity for logging |
| Date: | 2021-03-24 16:45:35 |
| Message-ID: | 4c90814d2f0018ba835c3d8e2eb67b99e6a45578.camel@vmware.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On Tue, 2021-03-23 at 14:21 +0900, Michael Paquier wrote:
> I am not really sure that we need to bother about the ordering of the
> entries here, as long as we check for all of them within the same
> fragment of the log file, so I would just go down to the simplest
> solution that I posted upthread that is enough to make sure that the
> verbosity is protected. That's what we do elsewhere, like with
> command_checks_all() and such.
With low-coverage test suites, I think it's useful to allow as little
strange behavior as possible -- in this case, printing authorization
before authentication could signal a serious bug -- but I don't feel
too strongly about it.
v10 attached, which reverts to v8 test behavior, with minor updates to
the commit message and test comment.
--Jacob
| Attachment | Content-Type | Size |
|---|---|---|
| v10-0001-ssl-store-client-s-DN-in-port-peer_dn.patch | text/x-patch | 3.2 KB |
| v10-0002-Log-authenticated-identity-from-all-auth-backend.patch | text/x-patch | 27.2 KB |
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Tomas Vondra | 2021-03-24 16:48:17 | Re: PoC/WIP: Extended statistics on expressions |
| Previous Message | Tom Lane | 2021-03-24 16:45:21 | Re: [HACKERS] Custom compression methods |