Re: Thoughts on pg_hba.conf rejection - Mailing list pgsql-hackers

From Simon Riggs
Subject Re: Thoughts on pg_hba.conf rejection
Date
Msg-id 1271704250.8305.19916.camel@ebony
In response to Re: Thoughts on pg_hba.conf rejection  (Tom Lane <tgl@sss.pgh.pa.us>)
Responses Re: Thoughts on pg_hba.conf rejection  (Tom Lane <tgl@sss.pgh.pa.us>)
List pgsql-hackers
On Thu, 2010-04-15 at 09:44 -0400, Tom Lane wrote:
> Maybe uaImplicitReject for the end-of-file case would be
> the most readable way.

uaImplicitReject capability added.

We're now free to bikeshed on exact wording. After much heavy thinking,
message is "pg_hba.conf rejects..." with no hint (yet?).

Point of note on giving information to the bad guys: if a
should-be-rejected connection request attempts to connect to a
non-existent database, we say "database does not exist". If db does
exist we say "pg_hba.conf rejects...". To me that looks like giving info
away... if an IP address range is rejected always then telling them
whether or not a particular database name exists seems like something I
would not wish to expose.

-- Simon Riggs           www.2ndQuadrant.com
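
The disclosure described in the message above can be written as a check. This is an added example, not part of the original e-mail and not PostgreSQL source. It assumes a simplified model in which rules match on address prefix only; the sample rules, database names and function names are constructed for illustration.

```c
/* Simplified model of the check ordering discussed above; not PostgreSQL code.
 * Rules match on address prefix only (assumption); helper names are hypothetical. */
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

typedef enum { uaReject, uaImplicitReject, uaTrust } UserAuth;
typedef struct { const char *addr_prefix; UserAuth method; } HbaLine;

/* Constructed sample rules and database list. */
static const HbaLine hba_rules[] = { {"10.0.0.", uaTrust}, {"192.0.2.", uaReject} };
static const char *databases[] = { "postgres", "sales" };

static bool db_exists(const char *db) {
    for (size_t i = 0; i < sizeof databases / sizeof *databases; i++)
        if (strcmp(databases[i], db) == 0) return true;
    return false;
}

/* First matching line wins; falling off the end is an implicit reject. */
static UserAuth hba_lookup(const char *addr) {
    for (size_t i = 0; i < sizeof hba_rules / sizeof *hba_rules; i++)
        if (strncmp(addr, hba_rules[i].addr_prefix, strlen(hba_rules[i].addr_prefix)) == 0)
            return hba_rules[i].method;
    return uaImplicitReject;
}

/* Ordering described in the message: the database lookup answers first. */
const char *respond_db_first(const char *addr, const char *db) {
    if (!db_exists(db)) return "database does not exist";
    if (hba_lookup(addr) != uaTrust) return "pg_hba.conf rejects...";
    return "ok";
}

/* Alternative ordering: decide on the address before consulting the database list. */
const char *respond_hba_first(const char *addr, const char *db) {
    if (hba_lookup(addr) != uaTrust) return "pg_hba.conf rejects...";
    if (!db_exists(db)) return "database does not exist";
    return "ok";
}

/* True if a client at addr can tell an existing database name from a missing one. */
bool leaks_db_existence(const char *(*respond)(const char *, const char *), const char *addr) {
    return strcmp(respond(addr, "sales"), respond(addr, "no_such_db")) != 0;
}

int main(void) {
    printf("db-first leaks:  %d\n", leaks_db_existence(respond_db_first, "192.0.2.7"));
    printf("hba-first leaks: %d\n", leaks_db_existence(respond_hba_first, "192.0.2.7"));
    return 0;
}
```

The same comparison works as a regression test for both explicitly rejected and implicitly rejected (no matching line) addresses.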


