Re: Logging of matching pg_hba.conf entry during auth skips trust auth, potential security issue - Mailing list pgsql-hackers

From Stephen Frost
Subject Re: Logging of matching pg_hba.conf entry during auth skips trust auth, potential security issue
Msg-id ZN5EVlL9ozTBJm8e@tamriel.snowman.net
In response to Re: Logging of matching pg_hba.conf entry during auth skips trust auth, potential security issue  (Jacob Champion <jchampion@timescale.com>)
Responses Re: Logging of matching pg_hba.conf entry during auth skips trust auth, potential security issue
List pgsql-hackers
Greetings,

* Jacob Champion (jchampion@timescale.com) wrote:
> Maybe something like the attached?

> - I used the phrasing "connection not authenticated" in the hopes that
> it's a bit more greppable than just "connection", especially in
> combination with the existing "connection authenticated" lines.

That doesn't seem quite right ... admittedly, 'trust' isn't performing
authentication but there can certainly be an argument made that the
basic 'matched a line in pg_hba.conf' is a form of authentication, and
worse really, saying 'not authenticated' would seem to imply that we
didn't allow the connection when, really, we did, and that could be
confusing to someone.

Maybe 'connection allowed' instead..?

Thanks,

Stephen
