Home > mailing lists

[HACKERS] Re: Authentication tests, and plain 'password' authentication with aSCRAM verifier - Mailing list pgsql-hackers

From	Heikki Linnakangas
Subject	[HACKERS] Re: Authentication tests, and plain 'password' authentication with aSCRAM verifier
Date	March 17, 2017 15:40:54
Msg-id	bb5cf245-a05e-d50e-82c6-9f6fa2aa36a8@iki.fi Whole thread Raw
In response to	[HACKERS] Authentication tests, and plain 'password' authentication with aSCRAM verifier (Heikki Linnakangas <hlinnaka@iki.fi>)
Responses	[HACKERS] Re: Authentication tests, and plain 'password' authentication with aSCRAM verifier (Michael Paquier <michael.paquier@gmail.com>)
List	pgsql-hackers

Tree view

On 03/14/2017 03:43 PM, Michael Paquier wrote:
> +       /*
> +        * The password looked like a SCRAM verifier, but could not be
> +        * parsed.
> +        */
> +       elog(LOG, "invalid SCRAM verifier for user \"%s\"", username);
> This would be sent back to the client, no? I think that you should use
> *logdetail as well in scram_verify_plain_password.

No, LOG messages are never sent to the client. Well, unless you have 
client_min_messages='log', but then all the LOG messages with details 
would be sent to the clients anyway. (We don't process the GUCs from the 
startup packet until after authentication, so an unauthenticated user 
cannot set client_min_messages='log').

Committed, thanks.

- Heikki

pgsql-hackers by date:

From: Heikki Linnakangas
Date: 17 March 2017, 15:19:22
Subject: [HACKERS] Re: BUG #13755: pgwin32_is_service not checking ifSECURITY_SERVICE_SID is disabled

From: vinayak
Date: 17 March 2017, 15:46:23
Subject: Re: [HACKERS] ANALYZE command progress checker

[HACKERS] Re: Authentication tests, and plain 'password' authentication with aSCRAM verifier - Mailing list pgsql-hackers

Previous

Next