On 12/20/14 12:11 PM, Steve Singer wrote:
> On 12/19/2014 10:41 AM, Alex Shulgin wrote:
>> I don't think so. The scenario this patch relies on assumes that the
>> DBA will remember to look in the log if something goes wrong, and in
>> your case there would be a message like the following:
>>
>> WA
Andres Freund writes:
> On 2015-01-16 12:21:13 -0500, Tom Lane wrote:
>> I think people felt that sending that information to the client wouldn't
>> be a good idea security-wise.
> It won't if issued during the right phase of the authentication:
Good point.
> But as I don't think sending logs t
On 2015-01-16 12:21:13 -0500, Tom Lane wrote:
> Andres Freund writes:
> > Why don't we just add emit a NOTICE or WARNING in the relevant place
> > saying that pg_hba.conf is outdated? Then the server won't log those if
> > configured appropriately, which doesn't seem like a bad thing. Note that
>
Andres Freund writes:
> Why don't we just add emit a NOTICE or WARNING in the relevant place
> saying that pg_hba.conf is outdated? Then the server won't log those if
> configured appropriately, which doesn't seem like a bad thing. Note that
> <= ERROR messages aren't sent to the client during aut
On 2015-01-16 18:01:24 +0100, Andres Freund wrote:
> Why don't we just add emit a NOTICE or WARNING in the relevant place
> saying that pg_hba.conf is outdated? Then the server won't log those if
> configured appropriately, which doesn't seem like a bad thing. Note that
> <= ERROR messages aren't s
On 2014-12-15 19:38:16 +0300, Alex Shulgin wrote:
> Attached is the modified version of the original patch by Craig,
> addressing the handling of the new hint_log error data field and
> removing the client-side HINT.
I'm not a big fan of this implementation. We're adding a fair bit of
infrastructu
On 12/19/2014 10:41 AM, Alex Shulgin wrote:
I don't think so. The scenario this patch relies on assumes that the
DBA will remember to look in the log if something goes wrong, and in
your case there would be a message like the following:
WARNING: pg_hba.conf not reloaded
So an extra hint about
Craig Ringer writes:
> On 12/19/2014 11:41 PM, Alex Shulgin wrote:
>> I don't think so. The scenario this patch relies on assumes that the
>> DBA will remember to look in the log if something goes wrong
>
> Well, actually, the whole point was that the user who's connecting
> (likely also the "D
On 12/19/2014 11:41 PM, Alex Shulgin wrote:
> I don't think so. The scenario this patch relies on assumes that the
> DBA will remember to look in the log if something goes wrong
Well, actually, the whole point was that the user who's connecting
(likely also the "DBA") will see a HINT telling them
Steve Singer writes:
> On 12/15/2014 11:38 AM, Alex Shulgin wrote:
>
>> These are all valid concerns IMHO. Attached is the modified version
>> of the original patch by Craig, addressing the handling of the new
>> hint_log error data field and removing the client-side HINT. I'm
>> also moving thi
On 12/15/2014 11:38 AM, Alex Shulgin wrote:
These are all valid concerns IMHO. Attached is the modified version of
the original patch by Craig, addressing the handling of the new
hint_log error data field and removing the client-side HINT. I'm also
moving this to the current CF. -- Alex
Peter Eisentraut writes:
> On 10/16/14 11:34 PM, Craig Ringer wrote:
>> psql: FATAL: Peer authentication failed for user "fred"
>> HINT: See the server error log for additional information.
>
> I think this is wrong for many reasons.
>
> I have never seen an authentication system that responds
On Thu, Nov 27, 2014 at 8:49 AM, Bruce Momjian wrote:
> On Thu, Nov 6, 2014 at 05:46:42PM -0500, Peter Eisentraut wrote:
>> Finally, the fact that a configuration change is in progress is
>> privileged information. Unprivileged users can deduct from the presence
>> of this message that administr
On Thu, Nov 6, 2014 at 05:46:42PM -0500, Peter Eisentraut wrote:
> Finally, the fact that a configuration change is in progress is
> privileged information. Unprivileged users can deduct from the presence
> of this message that administrators are doing something, and possibly
> that they have don
On Thu, Nov 6, 2014 at 5:46 PM, Peter Eisentraut wrote:
> I think it's fine to log a message in the server log if the pg_hba.conf
> file needs reloading. But the client shouldn't know about this at all.
I agree.
--
Robert Haas
EnterpriseDB: http://www.enterprisedb.com
The Enterprise PostgreSQL
On 10/16/14 11:34 PM, Craig Ringer wrote:
> psql: FATAL: Peer authentication failed for user "fred"
> HINT: See the server error log for additional information.
I think this is wrong for many reasons.
I have never seen an authentication system that responds with, hey, what
you just did didn't g
On 10/16/2014 11:34 PM, Craig Ringer wrote:
Given the generally positive reception to this, here's a patch.
The first patch adds an errhint_log , akin to the current errdetail_log,
so we can send a different HINT to the server log than we do to the client.
The patch behaves as you describe.
On 08/10/2014 07:48 PM, Craig Ringer wrote:
> Hi all
>
> I just had an idea I wanted to run by you all before turning it into a
> patch.
>
> People seem to get confused when they get auth errors because they
> changed pg_hba.conf but didn't reload.
>
> Should we emit a HINT alongside the main au
18 matches
Mail list logo