Re: Thoughts on pg_hba.conf rejection
От | Simon Riggs |
---|---|
Тема | Re: Thoughts on pg_hba.conf rejection |
Дата | |
Msg-id | 1271704250.8305.19916.camel@ebony обсуждение исходный текст |
Ответ на | Re: Thoughts on pg_hba.conf rejection (Tom Lane <tgl@sss.pgh.pa.us>) |
Ответы |
Re: Thoughts on pg_hba.conf rejection
|
Список | pgsql-hackers |
On Thu, 2010-04-15 at 09:44 -0400, Tom Lane wrote: > Maybe uaImplicitReject for the end-of-file case would be > the most readable way. uaImplicitReject capability added. We're now free to bikeshed on exact wording. After much heavy thinking, message is "pg_hba.conf rejects..." with no hint (yet?). Point of note on giving information to the bad guys: if a should-be-rejected connection request attempts to connect to a non-existent database, we say "database does not exist". If db does exist we say "pg_hba.conf rejects...". To me that looks like giving info away... if an IP address range is rejected always then telling them whether or not a particular database name exists seems like something I would not wish to expose. -- Simon Riggs www.2ndQuadrant.com
В списке pgsql-hackers по дате отправления: