| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | jd(at)commandprompt(dot)com |
| Cc: | pgsql-hackers(at)postgresql(dot)org |
| Subject: | Re: Getting rid of the flat authentication file |
| Date: | 2009-08-28 16:12:10 |
| Message-ID: | 9961.1251475930@sss.pgh.pa.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
"Joshua D. Drake" <jd(at)commandprompt(dot)com> writes:
> On Fri, 2009-08-28 at 11:52 -0400, Tom Lane wrote:
>> I've thought of an easier way to handle this: if the given database name
>> is invalid, connect to database "postgres" instead, and perform
>> authentication using normal access to the pg_auth catalogs. If
>> authentication succeeds, *then* throw the error about nonexistent
>> database. If "postgres" is not there, we'd still expose existence
>> of the original database name early, but how many installations don't
>> have that?
> I run into it all the time. People drop the postgres database as not
> needed.
Well, it isn't, unless you are worried about a third-order security
issue like whether someone can identify database names by a brute
force attack. The only problem if it's not there is we'll throw the
"no such db" error before user validation instead of after. I'm feeling
that that isn't worth a large expenditure of effort, as long as there's
a reasonable way to configure the system so it is secure if you care
about that.
regards, tom lane
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Robert Haas | 2009-08-28 17:05:12 | Re: Getting rid of the flat authentication file |
| Previous Message | Joshua D. Drake | 2009-08-28 16:04:31 | Re: Getting rid of the flat authentication file |