Re: rolcanlogin vs. the flat password file

Michael Glaesemann <grzm@seespotcode.net>

From: Michael Glaesemann <grzm@seespotcode.net>
To: Tom Lane <tgl@sss.pgh.pa.us>
Cc: pgsql-hackers@postgreSQL.org
Date: 2007-10-14T20:09:58Z
Lists: pgsql-hackers
On Oct 14, 2007, at 14:34 , Tom Lane wrote:

> I am not entirely convinced whether we should do anything about this:
> the general theory on authentication failures is that you don't say  
> much
> about exactly why it failed, so as to not give a brute-force attacker
> any info about whether he gave a valid userid or not.  So there's an
> argument to be made that the current behavior is what we want.  But
> I'm pretty sure that it wasn't intentionally designed to act this way.

Would there be a difference in how this is logged and how it's  
reported to the user? I can see where an admin (having access to  
logs) would want to have additional information such as whether a  
role login has failed due to not having login privileges or whether  
the failure was due to an incorrect role/password pair. I lean  
towards less information back to the user as to the nature of the  
failure. If the general consensus is to leave the current behavior, a  
comment should probably be included to note that the behavior is  
intentional.

Michael Glaesemann
grzm seespotcode net