Home > mailing lists

Re: Logging of matching pg_hba.conf entry during auth skips trust auth, potential security issue - Mailing list pgsql-hackers

From	Shaun Thomas
Subject	Re: Logging of matching pg_hba.conf entry during auth skips trust auth, potential security issue
Date	August 16, 2023 16:26:55
Msg-id	CAFdbL1OCKyU46GbwqdQ3zh_UXp5mG6GaPJyA0u==kitKWSr6zQ@mail.gmail.com Whole thread Raw
In response to	Re: Logging of matching pg_hba.conf entry during auth skips trust auth, potential security issue (Michael Paquier <michael@paquier.xyz>)
Responses	Re: Logging of matching pg_hba.conf entry during auth skips trust auth, potential security issue
List	pgsql-hackers

Tree view

> We could do something like a LOG "connection: method=%s user=%s
> (%s:%d)", without the "authenticated" and "identity" terms from
> set_authn_id().  Just to drop an idea.

That would be my inclination as well. Heck, just slap a log message
right in the specific case statements that don't have actual auth as
defined by set_authn_id. This assumes anyone really cares about it
that much, of course. :D

-- 
Shaun

pgsql-hackers by date:

From: Michael Paquier
Date: 16 August 2023, 15:08:52
Subject: Re: WIP: new system catalog pg_wait_event

From: Peter Eisentraut
Date: 16 August 2023, 16:50:09
Subject: Re: Handle infinite recursion in logical replication setup

Re: Logging of matching pg_hba.conf entry during auth skips trust auth, potential security issue - Mailing list pgsql-hackers

Previous

Next