Re: Getting rid of the flat authentication file
| От | Robert Haas |
|---|---|
| Тема | Re: Getting rid of the flat authentication file |
| Дата | |
| Msg-id | 603c8f070908281005w6cd59ae0mb5d5e3e4a429a722@mail.gmail.com обсуждение исходный текст |
| Ответ на | Re: Getting rid of the flat authentication file (Tom Lane <tgl@sss.pgh.pa.us>) |
| Список | pgsql-hackers |
On Fri, Aug 28, 2009 at 12:12 PM, Tom Lane<tgl@sss.pgh.pa.us> wrote: > "Joshua D. Drake" <jd@commandprompt.com> writes: >> On Fri, 2009-08-28 at 11:52 -0400, Tom Lane wrote: >>> I've thought of an easier way to handle this: if the given database name >>> is invalid, connect to database "postgres" instead, and perform >>> authentication using normal access to the pg_auth catalogs. If >>> authentication succeeds, *then* throw the error about nonexistent >>> database. If "postgres" is not there, we'd still expose existence >>> of the original database name early, but how many installations don't >>> have that? > >> I run into it all the time. People drop the postgres database as not >> needed. > > Well, it isn't, unless you are worried about a third-order security > issue like whether someone can identify database names by a brute > force attack. The only problem if it's not there is we'll throw the > "no such db" error before user validation instead of after. I'm feeling > that that isn't worth a large expenditure of effort, as long as there's > a reasonable way to configure the system so it is secure if you care > about that. Although this seems reasonably OK from a security point of view, it does seem to violate the POLA. ...Robert
В списке pgsql-hackers по дате отправления: