On 2015-01-16 12:21:13 -0500, Tom Lane wrote:
> Andres Freund <[email protected]> writes:
> > Why don't we just add emit a NOTICE or WARNING in the relevant place
> > saying that pg_hba.conf is outdated? Then the server won't log those if
> > configured appropriately, which doesn't seem like a bad thing. Note that
> > <= ERROR messages aren't sent to the client during authentication.
>
> I think people felt that sending that information to the client wouldn't
> be a good idea security-wise.
It won't if issued during the right phase of the authentication:
/*
* client_min_messages is honored only after we complete the
* authentication handshake. This is required both for security
* reasons and because many clients can't handle NOTICE messages
* during authentication.
*/
if (ClientAuthInProgress)
output_to_client = (elevel >= ERROR);
else
output_to_client = (elevel >= client_min_messages ||
elevel == INFO);
}
Surely deserves a comment on the emitting site.
> But I'd phrase it as "why not just emit a LOG message?".
Well, LOGs can be sent to the client just the same, no? Just requires a
nondefault client_min_messages.
But as I don't think sending logs to the client is a unsurmountable
problem (due to the above) I don't really care if we use WARNING or LOG.
Greetings,
Andres Freund
--
Andres Freund http://www.2ndQuadrant.com/
PostgreSQL Development, 24x7 Support, Training & Services
--
Sent via pgsql-hackers mailing list ([email protected])
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-hackers
