Обсуждение: Reposnse from backend when wrong user/database request send

Поиск
Список
Период
Сортировка

Reposnse from backend when wrong user/database request send

От
Tatsuo Ishii
Дата:
It seems between 8.4 and CVS HEAD backend responses 'E' packet
(error/fatal message) if a startup packet sent with wrong user and/or
database. Before backend responses 'R' packet first followd by 'E'
packet.

Does anybody know why this change made? I do not againt this change
because this is correct behavior. Just Pgpool has to live with
previous behavior (it was wrong IMO) and recent change not to break
existing pgpool applications.
--
Tatsuo Ishii
SRA OSS, Inc. Japan
English: http://www.sraoss.co.jp/index_en.php
Japanese: http://www.sraoss.co.jp

Re: Reposnse from backend when wrong user/database request send

От
Tom Lane
Дата:
Tatsuo Ishii <ishii@postgresql.org> writes:
> It seems between 8.4 and CVS HEAD backend responses 'E' packet
> (error/fatal message) if a startup packet sent with wrong user and/or
> database. Before backend responses 'R' packet first followd by 'E'
> packet.

> Does anybody know why this change made?

It's a side effect of the changes made to get rid of the flat
authorization files.  Bad database is now reported before authentication
instead of after.  I wouldn't have thought bad user per se would be
reported before auth, though --- you sure about that one?
        regards, tom lane

Re: Reposnse from backend when wrong user/database request send

От
Tatsuo Ishii
Дата:
> Tatsuo Ishii <ishii@postgresql.org> writes:
> > It seems between 8.4 and CVS HEAD backend responses 'E' packet
> > (error/fatal message) if a startup packet sent with wrong user and/or
> > database. Before backend responses 'R' packet first followd by 'E'
> > packet.
> 
> > Does anybody know why this change made?
> 
> It's a side effect of the changes made to get rid of the flat
> authorization files.  Bad database is now reported before authentication
> instead of after.  I wouldn't have thought bad user per se would be
> reported before auth, though --- you sure about that one?

No. Just a logical conjecture.

So the change was made not to fix the bug(IMO).

I now understand that those behavior could be changed randomly release
to relase in unpredictable way.
--
Tatsuo Ishii
SRA OSS, Inc. Japan
English: http://www.sraoss.co.jp/index_en.php
Japanese: http://www.sraoss.co.jp

Re: Reposnse from backend when wrong user/database request send

От
Tom Lane
Дата:
Tatsuo Ishii <ishii@postgresql.org> writes:
>> Tatsuo Ishii <ishii@postgresql.org> writes:
>>> It seems between 8.4 and CVS HEAD backend responses 'E' packet
>>> (error/fatal message) if a startup packet sent with wrong user and/or
>>> database. Before backend responses 'R' packet first followd by 'E'
>>> packet.

> I now understand that those behavior could be changed randomly release
> to relase in unpredictable way.

I think the protocol specification is pretty explicit that you shouldn't
be relying on specific sequences of events where it's not logically
necessary that things happen in a particular order.  It's always been
possible for a connection to be rejected before any 'R' is sent; we've
only made a minor change in the set of error cases for which that's
true.
        regards, tom lane

Re: Reposnse from backend when wrong user/database request send

От
Tatsuo Ishii
Дата:
> Tatsuo Ishii <ishii@postgresql.org> writes:
> >> Tatsuo Ishii <ishii@postgresql.org> writes:
> >>> It seems between 8.4 and CVS HEAD backend responses 'E' packet
> >>> (error/fatal message) if a startup packet sent with wrong user and/or
> >>> database. Before backend responses 'R' packet first followd by 'E'
> >>> packet.
> 
> > I now understand that those behavior could be changed randomly release
> > to relase in unpredictable way.
> 
> I think the protocol specification is pretty explicit that you shouldn't
> be relying on specific sequences of events where it's not logically
> necessary that things happen in a particular order.  It's always been
> possible for a connection to be rejected before any 'R' is sent; we've
> only made a minor change in the set of error cases for which that's
> true.

No. I would say CVS HEAD's behavior that it returns 'E' first is ok if
it is given wrong database.

Problem is in 8.4 or before and HEAD returns Authentication ok
('R'+0x8+0x0) then 'E' if wrong user is given. How come backend says
"Great! authentication ok" then "Sorry your database is wrong so
authentican failed". FYI 8.4 or before always returns Authentication
ok then 'E' if user and/or database is wrong.

Maybe we should change "AuthenticationOK" to "AuthenticationMaybeOK"?:-)
--
Tatsuo Ishii
SRA OSS, Inc. Japan
English: http://www.sraoss.co.jp/index_en.php
Japanese: http://www.sraoss.co.jp