From: | Jacob Champion <jchampion(at)timescale(dot)com> |
---|---|
To: | Shaun Thomas <shaun(dot)thomas(at)enterprisedb(dot)com> |
Cc: | Michael Paquier <michael(at)paquier(dot)xyz>, pgsql-hackers(at)postgresql(dot)org |
Subject: | Re: Logging of matching pg_hba.conf entry during auth skips trust auth, potential security issue |
Date: | 2023-08-16 22:11:22 |
Message-ID: | CAAWbhmiP+6r0XE6pgRyD0=sRi1k4muqo-Z=eLFgLKX-6smYZmw@mail.gmail.com |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-hackers |
On Wed, Aug 16, 2023 at 6:27 AM Shaun Thomas
<shaun(dot)thomas(at)enterprisedb(dot)com> wrote:
>
> > We could do something like a LOG "connection: method=%s user=%s
> > (%s:%d)", without the "authenticated" and "identity" terms from
> > set_authn_id(). Just to drop an idea.
>
> That would be my inclination as well. Heck, just slap a log message
> right in the specific case statements that don't have actual auth as
> defined by set_authn_id. This assumes anyone really cares about it
> that much, of course. :D
Maybe something like the attached?
- I made the check more generic, rather than hardcoding it inside the
trust statement, because my OAuth proposal would add a method that
only calls set_authn_id() some of the time.
- I used the phrasing "connection not authenticated" in the hopes that
it's a bit more greppable than just "connection", especially in
combination with the existing "connection authenticated" lines.
(I'm reminded that we're reflecting an unauthenticated username as-is
into the logs, but I also don't think this makes things any worse than
they are today with the "authorized" lines.)
--Jacob
Attachment | Content-Type | Size |
---|---|---|
0001-log_connections-add-entries-for-trust-connections.patch | text/x-patch | 2.2 KB |
From | Date | Subject | |
---|---|---|---|
Next Message | Andres Freund | 2023-08-16 22:49:49 | Re: Rename ExtendedBufferWhat in 16? |
Previous Message | Jeff Davis | 2023-08-16 22:09:43 | Re: Faster "SET search_path" |