On Wed, Apr 14, 2010 at 08:37:18PM -0400, Robert Haas wrote: > On Wed, Apr 14, 2010 at 8:31 PM, Bruce Momjian <br...@momjian.us> wrote: > > Tom Lane wrote: > >> Robert Haas <robertmh...@gmail.com> writes: > >> > What's wrong with something like "connection not permitted" or > >> > "connection not authorized"? > >> > >> The case that we're trying to cater to with the existing wording > >> is novice DBAs, who are likely to stare at such a message and not > >> even realize that pg_hba.conf is what they need to change. > >> Frankly, by the time anyone is using REJECT entries they are > >> probably advanced enough to not need much help from the error > >> message; but what you propose is an absolute lock to increase the > >> number of newbie questions on the lists by a large factor. > > > > Agreed. I would rather have an inaccurate error message that > > mentions pg_hba.conf than an accurate one that doesn't. > > > > Error messages should always point at a solution, if possible. > > OK, how about "connection not authorized by pg_hba.conf"?
+1. It's clear, and if an attacker can compromise pg_hba.conf, there's nothing PostgreSQL can do to help. I'd like to bring up the idea of an attacker who both has that access and doesn't know about pg_hba.conf just to dismiss it. Such a person might exist, but we don't need to bend things around a case so rare that it makes being struck by lightning look like a certainty. :) Cheers, David. -- David Fetter <da...@fetter.org> http://fetter.org/ Phone: +1 415 235 3778 AIM: dfetter666 Yahoo!: dfetter Skype: davidfetter XMPP: david.fet...@gmail.com iCal: webcal://www.tripit.com/feed/ical/people/david74/tripit.ics Remember to vote! Consider donating to Postgres: http://www.postgresql.org/about/donate -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers
