On 2015-01-16 12:21:13 -0500, Tom Lane wrote:
> Andres Freund <andres@2ndquadrant.com> writes:
> > Why don't we just add emit a NOTICE or WARNING in the relevant place
> > saying that pg_hba.conf is outdated? Then the server won't log those if
> > configured appropriately, which doesn't seem like a bad thing. Note that
> > <= ERROR messages aren't sent to the client during authentication.
>
> I think people felt that sending that information to the client wouldn't
> be a good idea security-wise.
It won't if issued during the right phase of the authentication: /* * client_min_messages is honored only after
wecomplete the * authentication handshake. This is required both for security * reasons and because many
clientscan't handle NOTICE messages * during authentication. */ if (ClientAuthInProgress)
output_to_client= (elevel >= ERROR); else output_to_client = (elevel >= client_min_messages ||
elevel == INFO);}
Surely deserves a comment on the emitting site.
> But I'd phrase it as "why not just emit a LOG message?".
Well, LOGs can be sent to the client just the same, no? Just requires a
nondefault client_min_messages.
But as I don't think sending logs to the client is a unsurmountable
problem (due to the above) I don't really care if we use WARNING or LOG.
Greetings,
Andres Freund
-- Andres Freund http://www.2ndQuadrant.com/PostgreSQL Development, 24x7 Support, Training &
Services