Re: Thoughts on pg_hba.conf rejection

On Wed, Apr 14, 2010 at 08:37:18PM -0400, Robert Haas wrote:
> On Wed, Apr 14, 2010 at 8:31 PM, Bruce Momjian <bruce@momjian.us> wrote:
> > Tom Lane wrote:
> >> Robert Haas <robertmhaas@gmail.com> writes:
> >> > What's wrong with something like "connection not permitted" or
> >> > "connection not authorized"?
> >>
> >> The case that we're trying to cater to with the existing wording
> >> is novice DBAs, who are likely to stare at such a message and not
> >> even realize that pg_hba.conf is what they need to change.
> >>  Frankly, by the time anyone is using REJECT entries they are
> >> probably advanced enough to not need much help from the error
> >> message; but what you propose is an absolute lock to increase the
> >> number of newbie questions on the lists by a large factor.
> >
> > Agreed.  I would rather have an inaccurate error message that
> > mentions pg_hba.conf than an accurate one that doesn't.
> >
> > Error messages should always point at a solution, if possible.
> 
> OK, how about "connection not authorized by pg_hba.conf"?

+1.  It's clear, and if an attacker can compromise pg_hba.conf,
there's nothing PostgreSQL can do to help.

I'd like to bring up the idea of an attacker who both has that access
and doesn't know about pg_hba.conf just to dismiss it.  Such a person
might exist, but we don't need to bend things around a case so rare
that it makes being struck by lightning look like a certainty. :)

Cheers,
David.
-- 
David Fetter <david@fetter.org> http://fetter.org/
Phone: +1 415 235 3778  AIM: dfetter666  Yahoo!: dfetter
Skype: davidfetter      XMPP: david.fetter@gmail.com
iCal: webcal://www.tripit.com/feed/ical/people/david74/tripit.ics

Remember to vote!
Consider donating to Postgres: http://www.postgresql.org/about/donate