On Fri, Jul 29, 2011 at 2:44 PM, Peter Eisentraut <pete...@gmx.net> wrote:
> On tis, 2011-07-19 at 14:17 -0400, Robert Haas wrote:
>> I think it would be less confusing to write the IP address as the main
>> piece of information, and put the hostname in parentheses only if we
>> accepted it as valid (i.e. we did both lookups, and everything
>> matched).
>> ERROR: no pg_hba.conf entry for host ("localhost"), user
>> "x", database "y"
>> As for the case where we the forward lookup and reverse lookup don't
>> match, could we add that as a DETAIL?
>> ERROR: no pg_hba.conf entry for host, user "x", database "y"
>> DETAIL: Forward and reverse DNS lookups do not match.
> On further reflection, the only way we would get a complete match host
> name is if there actually were a line in pg_hba.conf with that host
> name, but it didn't match because of other parameters.  So that would be
> quite rare, and so the error message would look one way or the other
> depending on obscure circumstances, which would be confusing.
> But picking up on your second suggestion, I propose instead that we put
> a note in the detail about the host name and what we know about it, if
> we know it, e.g.
> ERROR: no pg_hba.conf entry for host, user "x", database "y"
> DETAIL: Client IP address resolved to "localhost", forward lookup matches.
> I chose to use errdetail_log(), which only goes into the server log, so
> we don't expose too much about the server's DNS setup to the client.

Seems reasonable.

Robert Haas
EnterpriseDB: http://www.enterprisedb.com
The Enterprise PostgreSQL Company

Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org)
To make changes to your subscription:

Reply via email to