Re: Better auth errors from libpq
From | David Fetter |
---|---|
Subject | Re: Better auth errors from libpq |
Date | |
Msg-id | 20080912122924.GC27694@fetter.org |
In response to | Re: Better auth errors from libpq (Markus Wanner <markus@bluegap.ch>) |
List | pgsql-hackers |

On Fri, Sep 12, 2008 at 10:08:56AM +0200, Markus Schiltknecht wrote:
> Hi,
>
> David Fetter wrote:
>> I'm all for something, and that's a much better something. What we
>> have now--nothing--actively distresses newbies for no good reason.
>>
>> I don't know how many people we've lost right at that point, but
>> the number has to be high, as most people don't just hop into IRC
>> with their problem.
>
> Maybe something much more specific, i.e. triggering only if one
> tried to connect via localhost or unix sockets, and only if one
> tried to authenticate as 'root' without a password.

It's not the root part that confuses people, but the entire message.

> The hint should IMO say something like: "The default superuser is
> postgres, not root". Something that's useful for this specific case
> and doesn't disturb in others. And something that's public
> knowledge, which any reasonably serious attacker already knows
> anyway.

I, too, disagree with the "security by obscurity" approach to auth
error messages. A system cracker will not be deterred by any such
thing, but a new user can easily be.

Cheers,
David.

--
David Fetter <david@fetter.org> http://fetter.org/
Phone: +1 415 235 3778 AIM: dfetter666 Yahoo!: dfetter
Skype: davidfetter XMPP: david.fetter@gmail.com

Remember to vote!
Consider donating to Postgres: http://www.postgresql.org/about/donate