| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | Bruce Momjian <pgman(at)candle(dot)pha(dot)pa(dot)us> |
| Cc: | Andrew Dunstan <andrew(at)dunslane(dot)net>, PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: 2 forks for md5? |
| Date: | 2005-09-22 22:42:52 |
| Message-ID: | 16717.1127428972@sss.pgh.pa.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Bruce Momjian <pgman(at)candle(dot)pha(dot)pa(dot)us> writes:
> I turned on passwords and did see duplicate connections:
> LOG: connection received: host=[local]
> LOG: connection received: host=[local]
> LOG: connection authorized: user=postgres database=test
> LOG: disconnection: session time: 0:00:00.61 user=postgres database=test host=[local]
> Basically psql first tries with no password, then when it fails asking
> for a password, it prompts for one and connects. You will notice only
> one "authorized:" message. I think that is the real "connection" line,
> rather than the "recevied" lines. Not sure how we can improve this. We
> could print an "authorization failed" message. Would that help, or just
> be overkill?
I think that would get people more worried rather than less so ---
psql's customary behavior would make it look like you were being
regularly attacked by password guessers :-(. We do already log the
error message in the cases where a password is actually supplied
and is wrong, so an additional message doesn't seem very helpful.
One answer is to downgrade the "connection received" to a DEBUGn
message, so that it's only seen by those who presumably have something
of a clue. I don't really care for this, but you could certainly argue
that the other messages are sufficient for normal purposes.
regards, tom lane
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Tatsuo Ishii | 2005-09-22 23:13:10 | Re: Proposed patch to clean up signed-ness warnings |
| Previous Message | Bruce Momjian | 2005-09-22 22:36:36 | Re: 2 forks for md5? |