On Oct 14, 2007, at 14:34 , Tom Lane wrote:
> I am not entirely convinced whether we should do anything about this:
> the general theory on authentication failures is that you don't say
> much
> about exactly why it failed, so as to not give a brute-force attacker
> any info about whether he gave a valid userid or not. So there's an
> argument to be made that the current behavior is what we want. But
> I'm pretty sure that it wasn't intentionally designed to act this way.
Would there be a difference in how this is logged and how it's
reported to the user? I can see where an admin (having access to
logs) would want to have additional information such as whether a
role login has failed due to not having login privileges or whether
the failure was due to an incorrect role/password pair. I lean
towards less information back to the user as to the nature of the
failure. If the general consensus is to leave the current behavior, a
comment should probably be included to note that the behavior is
intentional.
Michael Glaesemann
grzm seespotcode net
