Re: Bad error message on valuntil
From | Tom Lane |
---|---|
Subject | Re: Bad error message on valuntil |
Date | |
Msg-id | 27874.1370633493@sss.pgh.pa.us |
In response to | Re: Bad error message on valuntil ("Joshua D. Drake" <jd@commandprompt.com>) |
Responses |
Re: Bad error message on valuntil
Re: Bad error message on valuntil |
List | pgsql-hackers |
"Joshua D. Drake" <jd@commandprompt.com> writes:
> On 06/07/2013 11:57 AM, Tom Lane wrote:
>> I think it's intentional that we don't tell the *client* that level of
>> detail.

> Why? That seems rather silly.

The general policy on authentication failure reports is that we don't tell the client anything it doesn't know already about what the auth method is. We can log additional info into the postmaster log if it seems useful to do so, but the more you tell a client, the more you risk undesirable info leakage to a bad guy. As an example here, reporting the valuntil condition would be acking to an attacker that he had the right password.

regards, tom lane
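The policy described in this message, as an added illustration that is not part of the original email and is not PostgreSQL source code: a toy C login check in which every failure cause produces the same client-visible text while the specific reason goes only into a server-side log string. The `struct role` layout, the `authenticate` function, the plaintext password field and the sample values are assumptions made for the example.

```c
#include <stdio.h>
#include <string.h>
#include <time.h>

/* Constructed role record (hypothetical layout); valid_until == 0 means no expiry. */
struct role { const char *name; const char *password; time_t valid_until; };
enum auth_result { AUTH_OK, AUTH_FAILED };
/* Comparison whose running time does not depend on where the strings differ. */
static int ct_equal(const char *a, const char *b)
{
    size_t la = strlen(a), lb = strlen(b);
    unsigned char diff = (unsigned char)(la != lb);
    for (size_t i = 0; i < la; i++)
        diff |= (unsigned char)(a[i] ^ b[i % (lb ? lb : 1)]);
    return diff == 0;
}

/* client_msg is sent to the peer; log_msg is written only to the server log. */
enum auth_result authenticate(const struct role *r, const char *user,
        const char *supplied, time_t now,
        char *client_msg, size_t cn, char *log_msg, size_t ln)
{
    const char *detail = NULL;
    if (r == NULL)
        detail = "role does not exist";
    else if (!ct_equal(supplied, r->password))
        detail = "password does not match";
    else if (r->valid_until != 0 && now >= r->valid_until)
        detail = "password is correct but valid-until has passed";

    if (detail == NULL) {
        client_msg[0] = log_msg[0] = '\0';
        return AUTH_OK;
    }
    /* One client text for every cause, so an expired account does not
       confirm that the guessed password was right. */
    snprintf(client_msg, cn, "password authentication failed for user \"%s\"", user);
    snprintf(log_msg, ln, "login failed for \"%s\": %s", user, detail);
    return AUTH_FAILED;
}

int main(void)
{
    struct role r = { "alice", "s3cret", 1000 };  /* constructed sample */
    char c[128], l[128];
    authenticate(&r, "alice", "s3cret", 2000, c, sizeof c, l, sizeof l);
    printf("client: %s\nlog:    %s\n", c, l);
    return 0;
}
```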