| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | Jeff Janes <jeff(dot)janes(at)gmail(dot)com> |
| Cc: | Stephen Frost <sfrost(at)snowman(dot)net>, Magnus Hagander <magnus(at)hagander(dot)net>, Thomas Munro <thomas(dot)munro(at)gmail(dot)com>, k(dot)yudhveer(at)gmail(dot)com, pgsql-hackers <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: BUG #16079: Question Regarding the BUG #16064 |
| Date: | 2020-12-21 18:31:32 |
| Message-ID: | 543836.1608575492@sss.pgh.pa.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-bugs pgsql-hackers |
Jeff Janes <jeff(dot)janes(at)gmail(dot)com> writes:
> On Sun, Dec 20, 2020 at 7:58 PM Stephen Frost <sfrost(at)snowman(dot)net> wrote:
>> * Magnus Hagander (magnus(at)hagander(dot)net) wrote:
>>> Maybe we should do the same for LDAP (and RADIUS)? This seems like a
>>> better place to put it than to log it at every time it's received?
>> A dollar short and a year late, but ... +1.
> I would suggest going further. I would make the change on the client side,
> and have libpq refuse to send unhashed passwords without having an
> environment variable set which allows it.
As noted, that would break LDAP and RADIUS auth methods; likely also PAM.
> What is the value of logging on the server side?
I do agree with this point, but mostly on the grounds of "nobody reads
the server log".
regards, tom lane
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Stephen Frost | 2020-12-21 18:35:11 | Re: BUG #16079: Question Regarding the BUG #16064 |
| Previous Message | Tom Lane | 2020-12-21 18:27:25 | Re: Large objects and out-of-memory |
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Stephen Frost | 2020-12-21 18:35:11 | Re: BUG #16079: Question Regarding the BUG #16064 |
| Previous Message | Pavel Stehule | 2020-12-21 18:26:14 | Re: bad dependency in pg_dump output related to support function breaks binary upgrade |