Re: Logging of matching pg_hba.conf entry during auth skips trust auth, potential security issue

From: Shaun Thomas <shaun(dot)thomas(at)enterprisedb(dot)com>
To: Michael Paquier <michael(at)paquier(dot)xyz>
Cc: Jacob Champion <jchampion(at)timescale(dot)com>, pgsql-hackers(at)postgresql(dot)org
Subject: Re: Logging of matching pg_hba.conf entry during auth skips trust auth, potential security issue
Date: 2023-08-16 13:26:55
Message-ID: CAFdbL1OCKyU46GbwqdQ3zh_UXp5mG6GaPJyA0u==kitKWSr6zQ@mail.gmail.com
Lists: pgsql-hackers

> We could do something like a LOG "connection: method=%s user=%s
> (%s:%d)", without the "authenticated" and "identity" terms from
> set_authn_id(). Just to drop an idea.

That would be my inclination as well. Heck, just slap a log message
right in the specific case statements that don't have actual auth as
defined by set_authn_id. This assumes anyone really cares about it
that much, of course. :D

--
Shaun
