Re: Thoughts on pg_hba.conf rejection
Tom Lane <tgl@sss.pgh.pa.us>
From: Tom Lane <tgl@sss.pgh.pa.us>
To: Jaime Casanova <jcasanov@systemguards.com.ec>
Cc: Simon Riggs <simon@2ndquadrant.com>, pgsql-hackers@postgresql.org
Date: 2010-04-07T15:43:44Z
Lists: pgsql-hackers
Jaime Casanova <jcasanov@systemguards.com.ec> writes: > On Wed, Apr 7, 2010 at 10:46 AM, Tom Lane <tgl@sss.pgh.pa.us> wrote: >> It's intentional. We try to expose the minimum amount of knowledge >> about the contents of pg_hba.conf to potential attackers. > i just tried it in CVS and in 8.4 and when i put a reject rule on > pg_hba.conf what i get is: > psql: FATAL: no pg_hba.conf entry for host "127.0.0.1", user "mic", > database "mic" > so we are giving a lot of info already All three of those data values are known to the client; they don't add knowledge about what is in pg_hba.conf. regards, tom lane