Re: Better auth errors from libpq

Поиск
Список
Период
Сортировка
От Markus Wanner
Тема Re: Better auth errors from libpq
Дата
Msg-id 48CA2398.1040403@bluegap.ch
обсуждение исходный текст
Ответ на Re: Better auth errors from libpq  (David Fetter <david@fetter.org>)
Ответы Re: Better auth errors from libpq
Список pgsql-hackers
Hi,

David Fetter wrote:
> I'm all for something, and that's a much better something.  What we
> have now--nothing--actively distresses newbies for no good reason.
> 
> I don't know how many people we've lost right at that point, but the
> number has to be high, as most people don't just hop into IRC with
> their problem.

Maybe something much more specific, i.e. triggering only if one tried to 
connect via localhost or unix sockets, and only if one tried to 
authenticate as 'root' without a password.

The hint shoud IMO say something like: "The default superuser is 
postgres, not root". Something that's useful for this specific case and 
doesn't disturb in others. And something that's public knowledge, which 
any reasonably serious attacker already knows anyway.

Maybe also point out that the unix user is chosen by default. Assuming 
that most of these users didn't explicitly type 'root' and are wondering 
where that 'root' user came from.

Regards

Markus Wanner


В списке pgsql-hackers по дате отправления:

Предыдущее
От: Gregory Stark
Дата:
Сообщение: Re: Better auth errors from libpq
Следующее
От: Magnus Hagander
Дата:
Сообщение: Re: [Review] pgbench duration option