Re: Logging of matching pg_hba.conf entry during auth skips trust auth, potential security issue
Robert Haas <robertmhaas@gmail.com>
From: Robert Haas <robertmhaas@gmail.com>
To: Jacob Champion <jchampion@timescale.com>
Cc: Stephen Frost <sfrost@snowman.net>,
Shaun Thomas <shaun.thomas@enterprisedb.com>, Michael Paquier <michael@paquier.xyz>, pgsql-hackers@postgresql.org
Date: 2023-08-17T19:23:11Z
Lists: pgsql-hackers
On Thu, Aug 17, 2023 at 12:54 PM Jacob Champion <jchampion@timescale.com> wrote: > On Thu, Aug 17, 2023 at 9:46 AM Stephen Frost <sfrost@snowman.net> wrote: > > Don't like 'skipped' but that feels closer. > > > > How about 'connection bypassed authentication'? > > Works for me; see v2. For what it's worth, my vote would be for "connection authenticated: ... method=trust". The only reason we're not doing that is because there's some argument that trusting that the client is who they say they are is not really authentication at all. But this seems silly, because we put "trust" in the "METHOD" column of pg_hba.conf, so in that case we already treat it as an authentication method. Also, any such line in pg_hba.conf still matches against the supplied IP address mask, which I suppose could be viewed as a form of authentication. Or maybe not. But I wonder if we're just being too persnickety about language here, in a way that maybe isn't consistent with our previous practice. -- Robert Haas EDB: http://www.enterprisedb.com
Commits
-
Generate new LOG for "trust" connections under log_connections
- e48b19c5db31 17.0 landed
-
Add some information about authenticated identity via log_connections
- 9afffcb833d3 14.0 cited