On 03/14/2017 03:43 PM, Michael Paquier wrote:
+       /*
+        * The password looked like a SCRAM verifier, but could not be
+        * parsed.
+        */
+       elog(LOG, "invalid SCRAM verifier for user \"%s\"", username);
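
Review bot: the elog(LOG, ...) call on the last added line reports a condition an administrator has to act on (a stored verifier that looked like SCRAM but could not be parsed), yet elog() messages are not marked for translation. Consider ereport(LOG, (errmsg("invalid SCRAM verifier for user \"%s\"", username))) so the message follows the convention for messages aimed at administrators.
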
This would be sent back to the client, no? I think that you should use
*logdetail as well in scram_verify_plain_password.

No, LOG messages are never sent to the client. Well, unless you have client_min_messages='log', but then all the LOG messages with details would be sent to the clients anyway. (We don't process the GUCs from the startup packet until after authentication, so an unauthenticated user cannot set client_min_messages='log').

Committed, thanks.

- Heikki

