Re: Getting rid of the flat authentication file
From | Tom Lane |
---|---|
Subject | Re: Getting rid of the flat authentication file |
Date | |
Msg-id | 9961.1251475930@sss.pgh.pa.us |
In response to | Re: Getting rid of the flat authentication file ("Joshua D. Drake" <jd@commandprompt.com>) |
Responses | Re: Getting rid of the flat authentication file |
List | pgsql-hackers |

"Joshua D. Drake" <jd@commandprompt.com> writes:
> On Fri, 2009-08-28 at 11:52 -0400, Tom Lane wrote:
>> I've thought of an easier way to handle this: if the given database name
>> is invalid, connect to database "postgres" instead, and perform
>> authentication using normal access to the pg_auth catalogs. If
>> authentication succeeds, *then* throw the error about nonexistent
>> database. If "postgres" is not there, we'd still expose existence
>> of the original database name early, but how many installations don't
>> have that?

> I run into it all the time. People drop the postgres database as not
> needed.

Well, it isn't, unless you are worried about a third-order security
issue like whether someone can identify database names by a brute force
attack. The only problem if it's not there is we'll throw the "no such
db" error before user validation instead of after. I'm feeling that
that isn't worth a large expenditure of effort, as long as there's
a reasonable way to configure the system so it is secure if you care
about that.

			regards, tom lane
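The error ordering discussed in the message above, as an added example that is not part of the original email and is not PostgreSQL source code: a small C model comparing "look up the database, then authenticate" with the proposed fallback to "postgres", including the case where "postgres" has been dropped. The database lists, role, password and all function names are constructed for illustration.

```c
#include <string.h>

/* Constructed sample data; not PostgreSQL's catalogs or source code. */
static const char *WITH_POSTGRES[]    = {"postgres", "sales", NULL};
static const char *WITHOUT_POSTGRES[] = {"sales", NULL};
static const char *ROLE = "alice", *PASSWORD = "s3cret";

enum result { CONNECTED, AUTH_FAILED, NO_SUCH_DB };
typedef enum result (*connect_fn)(const char **, const char *,
                                  const char *, const char *);

static int db_exists(const char **dbs, const char *name) {
    for (; *dbs; dbs++)
        if (strcmp(*dbs, name) == 0) return 1;
    return 0;
}

static int auth_ok(const char *role, const char *pw) {
    return strcmp(role, ROLE) == 0 && strcmp(pw, PASSWORD) == 0;
}

/* Database lookup first: "no such db" is reported before authentication. */
enum result connect_db_first(const char **dbs, const char *db,
                             const char *role, const char *pw) {
    if (!db_exists(dbs, db)) return NO_SUCH_DB;
    return auth_ok(role, pw) ? CONNECTED : AUTH_FAILED;
}

/* Proposal from the thread: for an unknown name, authenticate against
 * "postgres" and report the missing database only after success. */
enum result connect_with_fallback(const char **dbs, const char *db,
                                  const char *role, const char *pw) {
    int found = db_exists(dbs, db);
    if (!found && !db_exists(dbs, "postgres"))
        return NO_SUCH_DB;   /* no fallback database: error precedes auth */
    if (!auth_ok(role, pw)) return AUTH_FAILED;
    return found ? CONNECTED : NO_SUCH_DB;
}

/* 1 if a client with a wrong password sees different results for an
 * existing and a nonexistent database name. */
int leaks_db_names(connect_fn f, const char **dbs) {
    return f(dbs, "sales", ROLE, "wrong") != f(dbs, "no_such_db", ROLE, "wrong");
}

int main(void) {
    return leaks_db_names(connect_with_fallback, WITH_POSTGRES); /* 0: no leak */
}
```

The same `leaks_db_names` check can serve as a regression test: it should stay 0 for any configuration that is meant to hide database names from unauthenticated clients.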