Skip site navigation (1) Skip section navigation (2)

Reporting hba lines

From: Magnus Hagander <magnus(at)hagander(dot)net>
To: PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org>
Subject: Reporting hba lines
Date: 2012-06-27 12:54:15
Message-ID: (view raw, whole thread or download thread mbox)
Lists: pgsql-hackers
When debugging strange and complex pg_hba lines, it can often be quite
useful to know which line is matching a particular connection that
failed for some reason. Because more often than not, it's actually not
using the line in pg_hba.conf that's expected.

The easiest way to do this is to emit an errdetail for the login
failure, per this patch.

Question is - is that leaking information to the client that we
shouldn't be leaking?

And if it is, what would be the preferred way to deal with it? We
could put that as a detail to basically every single error message
coming out of the auth system, but that seems like a bad idea. Or we
could make a separate ereport(LOG) before send it to the client,


 Magnus Hagander

Attachment: hba_line.patch
Description: application/octet-stream (439 bytes)


pgsql-hackers by date

Next:From: Kohei KaiGaiDate: 2012-06-27 13:07:55
Subject: Re: [v9.3] Row-Level Security
Previous:From: Robert HaasDate: 2012-06-27 12:47:33
Subject: Re: pg_terminate_backend for same-role

Privacy Policy | About PostgreSQL
Copyright © 1996-2017 The PostgreSQL Global Development Group