Re: Reset expired password from .NET
| From | Tom Lane |
|---|---|
| Subject | Re: Reset expired password from .NET |
| Date | |
| Msg-id | 4868.1149030131@sss.pgh.pa.us |
| In response to | Reset expired password from .NET (Fernando Grijalba <jfercan@yahoo.com>) |
| List | pgsql-interfaces |
Fernando Grijalba <jfercan@yahoo.com> writes:
> I just realized that Postgresql does not differentiate between an invalid username/password or an expired password when it gives you the error message.
That's intentional. Per the comments in auth.c:
     * Tell the user the authentication failed, but not (much about) why.
     *
     * There is a tradeoff here between security concerns and making life
     * unnecessarily difficult for legitimate users.  We would not, for example,
     * want to report the password we were expecting to receive...
     * But it seems useful to report the username and authorization method
     * in use, and these are items that must be presumed known to an attacker
     * anyway.
     * Note that many sorts of failure report additional information in the
     * postmaster log, which we hope is only readable by good guys.
regards, tom lane
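
The principle in the quoted comment, as a small C sketch added here for illustration (it is not code from auth.c or from the message above): every failure reason yields the same client-facing text, while the specific reason goes only to the server log. The enum, function names and account table are constructed assumptions.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical failure reasons; names are assumptions for this sketch. */
typedef enum { AUTH_OK, AUTH_NO_USER, AUTH_BAD_PASSWORD, AUTH_EXPIRED } auth_result;

/* Constructed sample accounts (a real server stores verifiers, not passwords). */
struct account { const char *user; const char *secret; long long valid_until; };
static const struct account accounts[] = {
    { "alice", "correct-horse", 4102444800LL },  /* valid until 2100-01-01 */
    { "bob",   "hunter2",        946684800LL },  /* expired 2000-01-01 */
};

/* Decide the outcome; `now` is epoch seconds supplied by the caller. */
auth_result check_password(const char *user, const char *secret, long long now)
{
    for (size_t i = 0; i < sizeof accounts / sizeof accounts[0]; i++) {
        if (strcmp(accounts[i].user, user) != 0)
            continue;
        if (strcmp(accounts[i].secret, secret) != 0)
            return AUTH_BAD_PASSWORD;
        return now >= accounts[i].valid_until ? AUTH_EXPIRED : AUTH_OK;
    }
    return AUTH_NO_USER;
}

/* Client-facing text: names only the user and method, which the client
 * already knows, and is identical for every failure reason. */
int client_message(char *buf, size_t len, auth_result r, const char *user)
{
    if (r == AUTH_OK)
        return snprintf(buf, len, "authentication ok");
    return snprintf(buf, len,
                    "password authentication failed for user \"%s\"", user);
}

/* Server-log detail: the specific reason, intended for operators only. */
const char *log_detail(auth_result r)
{
    switch (r) {
    case AUTH_NO_USER:      return "role does not exist";
    case AUTH_BAD_PASSWORD: return "password does not match";
    case AUTH_EXPIRED:      return "password has expired";
    default:                return "";
    }
}
```
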