Re: Logging of matching pg_hba.conf entry during auth skips trust auth, potential security issue
Michael Paquier <michael@paquier.xyz>
From: Michael Paquier <michael@paquier.xyz>
To: Isaac Morland <isaac.morland@gmail.com>
Cc: Jacob Champion <jchampion@timescale.com>, Stephen Frost <sfrost@snowman.net>, Robert Haas <robertmhaas@gmail.com>, Shaun Thomas <shaun.thomas@enterprisedb.com>, pgsql-hackers@postgresql.org
Date: 2023-08-21T23:58:42Z
Lists: pgsql-hackers
On Mon, Aug 21, 2023 at 07:43:56PM -0400, Isaac Morland wrote: > I hope we're not really considering removing the "trust" method. For > testing and development purposes it's very handy — just tell the database, > running in a VM, to allow all connections and just believe who they say > they are from a client process running in the same or a different VM, with > no production data anywhere in site and no connection to the real network. For some benchmarking scenarios, it can actually be useful when testing cases where new connections are spawned as it bypasses entirely the authentication path, moving the bottlenecks to different areas one may want to stress. -- Michael
Commits
-
Generate new LOG for "trust" connections under log_connections
- e48b19c5db31 17.0 landed
-
Add some information about authenticated identity via log_connections
- 9afffcb833d3 14.0 cited