"Joshua D. Drake" <jd@commandprompt.com> writes:
> On Fri, 2009-08-28 at 11:52 -0400, Tom Lane wrote:
>> I've thought of an easier way to handle this: if the given database name
>> is invalid, connect to database "postgres" instead, and perform
>> authentication using normal access to the pg_auth catalogs. If
>> authentication succeeds, *then* throw the error about nonexistent
>> database. If "postgres" is not there, we'd still expose existence
>> of the original database name early, but how many installations don't
>> have that?
> I run into it all the time. People drop the postgres database as not
> needed.
Well, it isn't, unless you are worried about a third-order security
issue like whether someone can identify database names by a brute
force attack. The only problem if it's not there is we'll throw the
"no such db" error before user validation instead of after. I'm feeling
that that isn't worth a large expenditure of effort, as long as there's
a reasonable way to configure the system so it is secure if you care
about that.
regards, tom lane