From: Jaime Casanova on 14 Apr 2010 17:57

On Wed, Apr 14, 2010 at 4:51 PM, Robert Haas <robertmhaas(a)gmail.com> wrote:
> On Wed, Apr 14, 2010 at 4:28 PM, Robert Haas <robertmhaas(a)gmail.com> wrote:
>> On Wed, Apr 14, 2010 at 4:24 PM, Aidan Van Dyk <aidan(a)highrise.ca> wrote:
>>> I think it sort of just died.  I'm in favour of making sure we don't
>>> give out any extra information, so if the objection to the message is
>>> simply that "no pg_hba.conf entry" is "counterfactual" when there is an
>>> entry rejecting it, how about:
>>>  "No pg_hba.conf authorizing entry"
>>>
>>> That's no longer counter-factual, and works for both no entry, and a
>>> rejecting entry...
>>
>> That works for me.  I don't have strong feelings about it so I'd
>> probably be OK to a variety of solutions subject to my previous
>> remarks, but that seems as good as anything.
>
> Although on further reflection, part of me feels like it might be even
> simpler and clearer to simply say:
>
> connection not authorized
>

+1

--
Sincerely,
Jaime Casanova
PostgreSQL support and training
Systems consulting and development
Guayaquil - Ecuador
Cell: +59387171157

--
Sent via pgsql-hackers mailing list (pgsql-hackers(a)postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-hackers

From: Tom Lane on 14 Apr 2010 18:46

Robert Haas <robertmhaas(a)gmail.com> writes:
> On Wed, Apr 14, 2010 at 4:24 PM, Aidan Van Dyk <aidan(a)highrise.ca> wrote:
>> I think it sort of just died.  I'm in favour of making sure we don't
>> give out any extra information, so if the objection to the message is
>> simply that "no pg_hba.conf entry" is "counterfactual" when there is an
>> entry rejecting it, how about:
>>   "No pg_hba.conf authorizing entry"
>>
>> That's no longer counter-factual, and works for both no entry, and a
>> rejecting entry...

> That works for me.

It needs copy-editing.  Maybe

    no pg_hba.conf entry allows access for host ... user ...

regards, tom lane

From: Tom Lane on 14 Apr 2010 20:19

I wrote:
> Robert Haas <robertmhaas(a)gmail.com> writes:
>> On Wed, Apr 14, 2010 at 4:24 PM, Aidan Van Dyk <aidan(a)highrise.ca> wrote:
>>> I think it sort of just died.  I'm in favour of making sure we don't
>>> give out any extra information, so if the objection to the message is
>>> simply that "no pg_hba.conf entry" is "counterfactual" when there is an
>>> entry rejecting it, how about:
>>>   "No pg_hba.conf authorizing entry"
>>>
>>> That's no longer counter-factual, and works for both no entry, and a
>>> rejecting entry...

>> That works for me.

> It needs copy-editing.  Maybe
>     no pg_hba.conf entry allows access for host ... user ...

Actually, on reflection, I'm not sure that these suggestions really do
anything for the "counter-factual" complaint.  The case where you'd
normally use an explicit REJECT entry is where you're REJECTing some
limited case in an entry that is before a wider-scope entry that would
accept it.  So it doesn't seem entirely accurate to say that there is
no pg_hba.conf entry that would accept the connection.  There is one
but it's not the one we chose.

I'm thinking there isn't anything much we can do here without using a
different message wording for a match to a REJECT entry.  So it's a
straight-up tradeoff of possible security information leakage against
whether a different wording is really helpful to the admin.  Both of
those seem like fairly marginal concerns, really, so I'm having a hard
time deciding which one ought to win.  But given that nobody complained
before this, is it worth changing?

regards, tom lane

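The situation described in the message above (a narrow reject entry placed ahead of a wider-scope accepting entry), as an added example that is not part of the thread or of PostgreSQL's code: a simplified Python model of first-match evaluation and of the two wording choices under discussion. The rules, addresses and function names are constructed, the model ignores most of the real pg_hba.conf syntax, and the second message wording is hypothetical.

```python
import ipaddress
from typing import NamedTuple, Optional

class Rule(NamedTuple):
    database: str
    user: str
    network: str
    method: str

# Constructed rules in file order: a limited reject before a wider accept.
RULES = [
    Rule("all", "all", "10.0.5.0/24", "reject"),
    Rule("all", "all", "10.0.0.0/8", "md5"),
]

def matches(rule: Rule, database: str, user: str, addr: str) -> bool:
    return (rule.database in ("all", database)
            and rule.user in ("all", user)
            and ipaddress.ip_address(addr) in ipaddress.ip_network(rule.network))

def classify(rules, database, user, addr) -> str:
    """First matching entry wins; later entries are never consulted."""
    for rule in rules:
        if matches(rule, database, user, addr):
            return "rejected" if rule.method == "reject" else "proceed:" + rule.method
    return "no-entry"

def wider_entry_would_accept(rules, database, user, addr) -> bool:
    """True when some non-reject entry matches, chosen or not."""
    return any(r.method != "reject" and matches(r, database, user, addr)
               for r in rules)

def client_message(outcome: str, distinct_wording: bool) -> Optional[str]:
    if outcome.startswith("proceed"):
        return None
    if distinct_wording and outcome == "rejected":
        # Hypothetical wording: tells the client a rule names it explicitly.
        return "connection rejected by pg_hba.conf entry"
    # Wording quoted in the thread, used for both denial causes.
    return "no pg_hba.conf entry"

if __name__ == "__main__":
    for addr in ("10.0.5.7", "192.168.1.1", "10.1.2.3"):
        outcome = classify(RULES, "app", "alice", addr)
        print(addr, outcome,
              wider_entry_would_accept(RULES, "app", "alice", addr),
              client_message(outcome, False), client_message(outcome, True))
```

For 10.0.5.7 the chosen entry rejects while a later entry would have accepted, which is why the single wording is not strictly accurate; with one wording the two denial causes are indistinguishable to the client, and with two they are not.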
From: Robert Haas on 14 Apr 2010 20:22

On Wed, Apr 14, 2010 at 8:19 PM, Tom Lane <tgl(a)sss.pgh.pa.us> wrote:
> I'm thinking there isn't anything much we can do here without using a
> different message wording for a match to a REJECT entry.  So it's a
> straight-up tradeoff of possible security information leakage against
> whether a different wording is really helpful to the admin.  Both of
> those seem like fairly marginal concerns, really, so I'm having a hard
> time deciding which one ought to win.  But given that nobody complained
> before this, is it worth changing?

What's wrong with something like "connection not permitted" or
"connection not authorized"?

....Robert

From: Tom Lane on 14 Apr 2010 20:27

Robert Haas <robertmhaas(a)gmail.com> writes:
> What's wrong with something like "connection not permitted" or
> "connection not authorized"?

The case that we're trying to cater to with the existing wording is
novice DBAs, who are likely to stare at such a message and not even
realize that pg_hba.conf is what they need to change.  Frankly, by the
time anyone is using REJECT entries they are probably advanced enough
to not need much help from the error message; but what you propose is
an absolute lock to increase the number of newbie questions on the
lists by a large factor.

regards, tom lane