Home > mailing lists

Re: Logging of matching pg_hba.conf entry during auth skips trust auth, potential security issue - Mailing list pgsql-hackers

From	Stephen Frost
Subject	Re: Logging of matching pg_hba.conf entry during auth skips trust auth, potential security issue
Date	August 17, 2023 22:29:28
Msg-id	CAOuzzgrh5_gu-YBx2pxwwuUrBtYmgD7=itTbEMQuY4V9XE86Lg@mail.gmail.com Whole thread Raw
In response to	Re: Logging of matching pg_hba.conf entry during auth skips trust auth, potential security issue (Robert Haas <robertmhaas@gmail.com>)
Responses	Re: Logging of matching pg_hba.conf entry during auth skips trust auth, potential security issue
List	pgsql-hackers

Tree view

Greetings,

On Thu, Aug 17, 2023 at 15:23 Robert Haas <robertmhaas@gmail.com> wrote:

On Thu, Aug 17, 2023 at 12:54 PM Jacob Champion <jchampion@timescale.com> wrote:
> On Thu, Aug 17, 2023 at 9:46 AM Stephen Frost <sfrost@snowman.net> wrote:
> > Don't like 'skipped' but that feels closer.
> >
> > How about 'connection bypassed authentication'?
>
> Works for me; see v2.

For what it's worth, my vote would be for "connection authenticated:
... method=trust".

I don’t have any particular objection to this language and agree that it’s actually closer to how we talk about the trust auth method in our documentation.

Maybe if we decided to rework the documentation … or perhaps just ripped “trust” out entirely … but those are whole different things from what we are trying to accomplish here.

Thanks,

Stephen

pgsql-hackers by date:

From: Robert Haas
Date: 17 August 2023, 22:23:11
Subject: Re: Logging of matching pg_hba.conf entry during auth skips trust auth, potential security issue

From: Andrew Dunstan
Date: 17 August 2023, 22:32:40
Subject: meson: pgxs Makefile.global differences

Re: Logging of matching pg_hba.conf entry during auth skips trust auth, potential security issue - Mailing list pgsql-hackers

Previous

Next