Re: rolcanlogin vs. the flat password file
Michael Glaesemann <grzm@seespotcode.net>
From: Michael Glaesemann <grzm@seespotcode.net>
To: Tom Lane <tgl@sss.pgh.pa.us>
Cc: pgsql-hackers@postgreSQL.org
Date: 2007-10-14T20:09:58Z
Lists: pgsql-hackers
On Oct 14, 2007, at 14:34 , Tom Lane wrote: > I am not entirely convinced whether we should do anything about this: > the general theory on authentication failures is that you don't say > much > about exactly why it failed, so as to not give a brute-force attacker > any info about whether he gave a valid userid or not. So there's an > argument to be made that the current behavior is what we want. But > I'm pretty sure that it wasn't intentionally designed to act this way. Would there be a difference in how this is logged and how it's reported to the user? I can see where an admin (having access to logs) would want to have additional information such as whether a role login has failed due to not having login privileges or whether the failure was due to an incorrect role/password pair. I lean towards less information back to the user as to the nature of the failure. If the general consensus is to leave the current behavior, a comment should probably be included to note that the behavior is intentional. Michael Glaesemann grzm seespotcode net