Re: Logging of matching pg_hba.conf entry during auth skips trust auth, potential security issue

Поиск
Список
Период
Сортировка
От Stephen Frost
Тема Re: Logging of matching pg_hba.conf entry during auth skips trust auth, potential security issue
Дата
Msg-id ZN5EVlL9ozTBJm8e@tamriel.snowman.net
обсуждение исходный текст
Ответ на Re: Logging of matching pg_hba.conf entry during auth skips trust auth, potential security issue  (Jacob Champion <jchampion@timescale.com>)
Ответы Re: Logging of matching pg_hba.conf entry during auth skips trust auth, potential security issue  (Jacob Champion <jchampion@timescale.com>)
Список pgsql-hackers
Дерево обсуждения 
Greetings,

* Jacob Champion (jchampion@timescale.com) wrote:
> Maybe something like the attached?

> - I used the phrasing "connection not authenticated" in the hopes that
> it's a bit more greppable than just "connection", especially in
> combination with the existing "connection authenticated" lines.

That doesn't seem quite right ... admittedly, 'trust' isn't performing
authentication but there can certainly be an argument made that the
basic 'matched a line in pg_hba.conf' is a form of authentication, and
worse really, saying 'not authenticated' would seem to imply that we
didn't allow the connection when, really, we did, and that could be
confusing to someone.

Maybe 'connection allowed' instead..?

Thanks,

Stephen
Вложения

В списке pgsql-hackers по дате отправления:

Предыдущее
От: Nathan Bossart
Дата:
Сообщение: Re: [PATCH] Add function to_oct
Следующее
От: Nathan Bossart
Дата:
Сообщение: Re: Using defines for protocol characters