| From: | Stephen Frost <sfrost(at)snowman(dot)net> |
|---|---|
| To: | Jacob Champion <jchampion(at)timescale(dot)com> |
| Cc: | Shaun Thomas <shaun(dot)thomas(at)enterprisedb(dot)com>, Michael Paquier <michael(at)paquier(dot)xyz>, pgsql-hackers(at)postgresql(dot)org |
| Subject: | Re: Logging of matching pg_hba.conf entry during auth skips trust auth, potential security issue |
| Date: | 2023-08-17 16:46:34 |
| Message-ID: | ZN5O6rndUbkZ5DWu@tamriel.snowman.net |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Greetings,
* Jacob Champion (jchampion(at)timescale(dot)com) wrote:
> On Thu, Aug 17, 2023 at 9:01 AM Stephen Frost <sfrost(at)snowman(dot)net> wrote:
> > Maybe 'connection allowed' instead..?
>
> Hm. It hasn't really been allowed yet, either. To illustrate what I mean:
>
> LOG: connection received: host=[local]
> LOG: connection allowed: user="jacob" method=trust
> (/home/jacob/src/data/pg16/pg_hba.conf:117)
> LOG: connection authorized: user=jacob database=postgres
> application_name=psql
>
> Maybe "unauthenticated connection:"? "connection without
> authentication:"? "connection skipped authentication:"?
Don't like 'skipped' but that feels closer.
How about 'connection bypassed authentication'?
Thanks,
Stephen
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Nathan Bossart | 2023-08-17 16:52:03 | Re: Using defines for protocol characters |
| Previous Message | Jacob Champion | 2023-08-17 16:42:35 | Re: Logging of matching pg_hba.conf entry during auth skips trust auth, potential security issue |