Re: Change authentication error message (patch) - Mailing list pgsql-hackers

From Marko Tiikkaja
Subject Re: Change authentication error message (patch)
Date
Msg-id 51C2D901.9050007@joh.to
Whole thread Raw
In response to Re: Change authentication error message (patch)  (Markus Wanner <markus@bluegap.ch>)
Responses Re: Change authentication error message (patch)
List pgsql-hackers
On 20/06/2013 08:47, Markus Wanner wrote:
> On 06/20/2013 12:51 AM, Jeff Janes wrote:
>> I think we need to keep the first "password".  "Password authentication"
>> is a single thing, it is the authentication method attempted.  It is the
>> password method (which includes MD5) which failed, as opposed to the
>> LDAP method or the Peer method or one of the other methods.
>
> That's against the rule of not revealing any more knowledge than a
> potential attacker already has, no? For that reason, I'd rather go with
> just "authentication failed".

My understanding is that the attacker would already have that 
information since the server would have sent an 
AuthenticationMD5Password message to get to the error in the first 
place.  And we still reveal the authentication method to the frontend in 
all other cases ("peer authentication failed", for example).

>> Without this level of explicitness, it might be hard to figure out which
>> row in pg_hba.conf was the one that PostgreSQL glommed onto to use for
>> authentication.
>
> As argued before, that should go into the logs for diagnosis by the
> sysadmin, but should not be revealed to an attacker.

Isn't the point of this patch exactly that we didn't want to go down 
that road?  I.e. "password authentication failed" didn't say that the 
password might've expired, but some people thought just logging a 
WARNING/LOG wasn't enough.


Regards,
Marko Tiikkaja



pgsql-hackers by date:

Previous
From: Dimitri Fontaine
Date:
Subject: Re: event trigger API documentation?
Next
From: Thom Brown
Date:
Subject: Config reload/restart preview