Home > mailing lists

Re: Logging of matching pg_hba.conf entry during auth skips trust auth, potential security issue - Mailing list pgsql-hackers

From	Stephen Frost
Subject	Re: Logging of matching pg_hba.conf entry during auth skips trust auth, potential security issue
Date	August 17, 2023 19:46:34
Msg-id	ZN5O6rndUbkZ5DWu@tamriel.snowman.net Whole thread Raw
In response to	Re: Logging of matching pg_hba.conf entry during auth skips trust auth, potential security issue (Jacob Champion <jchampion@timescale.com>)
Responses	Re: Logging of matching pg_hba.conf entry during auth skips trust auth, potential security issue
List	pgsql-hackers

Tree view

Greetings,

* Jacob Champion (jchampion@timescale.com) wrote:
> On Thu, Aug 17, 2023 at 9:01 AM Stephen Frost <sfrost@snowman.net> wrote:
> > Maybe 'connection allowed' instead..?
>
> Hm. It hasn't really been allowed yet, either. To illustrate what I mean:
>
>     LOG:  connection received: host=[local]
>     LOG:  connection allowed: user="jacob" method=trust
> (/home/jacob/src/data/pg16/pg_hba.conf:117)
>     LOG:  connection authorized: user=jacob database=postgres
> application_name=psql
>
> Maybe "unauthenticated connection:"? "connection without
> authentication:"? "connection skipped authentication:"?

Don't like 'skipped' but that feels closer.

How about 'connection bypassed authentication'?

Thanks,

Stephen

Attachment

signature.asc

pgsql-hackers by date:

From: Jacob Champion
Date: 17 August 2023, 19:42:35
Subject: Re: Logging of matching pg_hba.conf entry during auth skips trust auth, potential security issue

From: Nathan Bossart
Date: 17 August 2023, 19:52:03
Subject: Re: Using defines for protocol characters

Re: Logging of matching pg_hba.conf entry during auth skips trust auth, potential security issue - Mailing list pgsql-hackers

Attachment

Previous

Next