Re: [PATCH] HINT: pg_hba.conf changed since last config reload

Поиск
Список
Период
Сортировка
От Alex Shulgin
Тема Re: [PATCH] HINT: pg_hba.conf changed since last config reload
Дата
Msg-id 87ppbkyikn.fsf@commandprompt.com
обсуждение исходный текст
Ответ на Re: [PATCH] HINT: pg_hba.conf changed since last config reload  (Peter Eisentraut <peter_e@gmx.net>)
Ответы Re: [PATCH] HINT: pg_hba.conf changed since last config reload  (Steve Singer <steve@ssinger.info>)
Re: [PATCH] HINT: pg_hba.conf changed since last config reload  (Andres Freund <andres@2ndquadrant.com>)
Список pgsql-hackers
Peter Eisentraut <peter_e@gmx.net> writes:

> On 10/16/14 11:34 PM, Craig Ringer wrote:
>> psql: FATAL:  Peer authentication failed for user "fred"
>> HINT:  See the server error log for additional information.
>
> I think this is wrong for many reasons.
>
> I have never seen an authentication system that responds with, hey, what
> you just did didn't get you in, but the administrators are currently in
> the process of making a configuration change, so why don't you check
> that out.
>
> We don't know whether the user has access to the server log.  They
> probably don't.  Also, it is vastly more likely that the user really
> doesn't have access in the way they chose, so throwing in irrelevant
> hints will be distracting.
>
> Moreover, it will be confusing to regular users if this message
> sometimes shows up and sometimes doesn't, independent of their own state
> and actions.
>
> Finally, the fact that a configuration change is in progress is
> privileged information.  Unprivileged users can deduct from the presence
> of this message that administrators are doing something, and possibly
> that they have done something wrong.
>
> I think it's fine to log a message in the server log if the pg_hba.conf
> file needs reloading.  But the client shouldn't know about this at all.

These are all valid concerns IMHO.

Attached is the modified version of the original patch by Craig,
addressing the handling of the new hint_log error data field and
removing the client-side HINT.

I'm also moving this to the current CF.

--
Alex


Вложения

В списке pgsql-hackers по дате отправления:

Предыдущее
От: Craig Ringer
Дата:
Сообщение: Re: Making BackgroundWorkerHandle a complete type or offering a worker enumeration API?
Следующее
От: Adam Brightwell
Дата:
Сообщение: Re: Role Attribute Bitmask Catalog Representation