Re: Reporting hba lines
| От | Magnus Hagander |
|---|---|
| Тема | Re: Reporting hba lines |
| Дата | |
| Msg-id | CABUevExVKfGNgUs=s9GGPOm5FziKmvmLCJFiR27MfLfG8YSc=A@mail.gmail.com обсуждение исходный текст |
| Ответ на | Re: Reporting hba lines (Tom Lane <tgl@sss.pgh.pa.us>) |
| Ответы |
Re: Reporting hba lines
|
| Список | pgsql-hackers |
On Wed, Jun 27, 2012 at 3:55 PM, Tom Lane <tgl@sss.pgh.pa.us> wrote: > Magnus Hagander <magnus@hagander.net> writes: >> When debugging strange and complex pg_hba lines, it can often be quite >> useful to know which line is matching a particular connection that >> failed for some reason. Because more often than not, it's actually not >> using the line in pg_hba.conf that's expected. > >> The easiest way to do this is to emit an errdetail for the login >> failure, per this patch. > >> Question is - is that leaking information to the client that we >> shouldn't be leaking? > > Yes. > >> And if it is, what would be the preferred way to deal with it? > > Report to the postmaster log only. errdetail_log should do. Oh, I wasn't aware we had that :) You learn something new every day. > BTW, are you sure that auth_failed is only called in cases where > an hba line has already been identified? Even if true today, > it seems fairly risky to assume that. It is true today, but yes, it might be safe to guard against it with something like this? I also fixed the error message to follow the guidelines better - I think :) -- Magnus Hagander Me: http://www.hagander.net/ Work: http://www.redpill-linpro.com/
Вложения
В списке pgsql-hackers по дате отправления: