Home > mailing lists

Re: Bad error message on valuntil - Mailing list pgsql-hackers

From	Tom Lane
Subject	Re: Bad error message on valuntil
Date	June 7, 2013 22:31:43
Msg-id	27874.1370633493@sss.pgh.pa.us Whole thread Raw
In response to	Re: Bad error message on valuntil ("Joshua D. Drake" <jd@commandprompt.com>)
Responses	Re: Bad error message on valuntil Re: Bad error message on valuntil
List	pgsql-hackers

Tree view

"Joshua D. Drake" <jd@commandprompt.com> writes:
> On 06/07/2013 11:57 AM, Tom Lane wrote:
>> I think it's intentional that we don't tell the *client* that level of
>> detail.

> Why? That seems rather silly.

The general policy on authentication failure reports is that we don't
tell the client anything it doesn't know already about what the auth
method is.  We can log additional info into the postmaster log if it
seems useful to do so, but the more you tell a client, the more you
risk undesirable info leakage to a bad guy.  As an example here,
reporting the valuntil condition would be acking to an attacker that
he had the right password.
        regards, tom lane

pgsql-hackers by date:

From: Simon Riggs
Date: 07 June 2013, 22:30:11
Subject: Re: Freezing without write I/O

From: Heikki Linnakangas
Date: 07 June 2013, 22:45:12
Subject: Avoiding bloat in the presence of a long-running transaction (Re: Freezing without write I/O)

Re: Bad error message on valuntil - Mailing list pgsql-hackers

Previous

Next