On Wed, Apr 1, 2026 at 10:09 AM Jacob Champion
<jacob.champion@enterprisedb.com> wrote:
> I didn't intend to introduce any new calls to
> oauth_get_debug_flags() over those already done in v1/v2; if I did
> that's a bug.
To make seeing that a little easier, here's the promised version of v3
as an exploded patch series with more detailed justification, based on
v2-0001.
I'm glad I did that, because I forgot to call attention to a
particular change I made that I think is important:
> fprintf(stderr,
> - "WARNING: PGOAUTHDEBUG: unsafe option \"%s\" requires UNSAFE: prefix (ignored)\n"
> - "Use: PGOAUTHDEBUG=UNSAFE:%s\n",
> - option, option);
> + libpq_gettext("WARNING: PGOAUTHDEBUG option \"%s\" is unsafe (ignored)\n"),
> + option);
`UNSAFE` is intended to be a weak defense against social engineering
attacks. So these warnings need to be translated, if possible, and we
should not provide instructions on how to defeat that defense. The
only people who _should_ be using an unsafe feature should also know
how to fix this problem.
--Jacob
