From: | David Fetter <david(at)fetter(dot)org> |
---|---|
To: | Markus Wanner <markus(at)bluegap(dot)ch> |
Cc: | Joshua Drake <jd(at)commandprompt(dot)com>, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, PG Hackers <pgsql-hackers(at)postgresql(dot)org> |
Subject: | Re: Better auth errors from libpq |
Date: | 2008-09-12 12:29:24 |
Message-ID: | 20080912122924.GC27694@fetter.org |
Lists: | pgsql-hackers |
On Fri, Sep 12, 2008 at 10:08:56AM +0200, Markus Schiltknecht wrote:
> Hi,
>
> David Fetter wrote:
>> I'm all for something, and that's a much better something. What we
>> have now--nothing--actively distresses newbies for no good reason.
>>
>> I don't know how many people we've lost right at that point, but
>> the number has to be high, as most people don't just hop into IRC
>> with their problem.
>
> Maybe something much more specific, i.e. triggering only if one
> tried to connect via localhost or unix sockets, and only if one
> tried to authenticate as 'root' without a password.
It's not the root part that confuses people, but the entire message.
> The hint should IMO say something like: "The default superuser is
> postgres, not root". Something that's useful for this specific case
> and doesn't disturb in others. And something that's public
> knowledge, which any reasonably serious attacker already knows
> anyway.
I, too, disagree with the "security by obscurity" approach to auth
error messages. A system cracker will not be deterred by any such
thing, but a new user can easily be.
Cheers,
David.
--
David Fetter <david(at)fetter(dot)org> http://fetter.org/
Phone: +1 415 235 3778 AIM: dfetter666 Yahoo!: dfetter
Skype: davidfetter XMPP: david(dot)fetter(at)gmail(dot)com
Remember to vote!
Consider donating to Postgres: http://www.postgresql.org/about/donate
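The narrow trigger Markus describes above (local connection, user 'root', no password supplied) can be expressed as a small decision function. The following is an added illustration written for this page; it is not code from the thread or from libpq, and the helper names, the hint wording as a string constant, and the sample server message are constructed for the example.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not a libpq API): does this host string denote a
 * local connection, i.e. a unix-domain socket directory, an empty host
 * (libpq's default of a unix socket), or a loopback name/address? */
static int is_local_host(const char *host)
{
    if (host == NULL || host[0] == '\0' || host[0] == '/')
        return 1;                       /* unix-domain socket */
    return strcmp(host, "localhost") == 0 ||
           strcmp(host, "127.0.0.1") == 0 ||
           strcmp(host, "::1") == 0;
}

/* Return the hint text only for the specific case discussed in the thread:
 * a local connection, as user 'root', with no password supplied.  Every
 * other failure gets NULL, so remote or non-root failures are untouched. */
const char *auth_failure_hint(const char *host, const char *user,
                              int password_supplied)
{
    if (!is_local_host(host))
        return NULL;
    if (user == NULL || strcmp(user, "root") != 0)
        return NULL;
    if (password_supplied)
        return NULL;
    return "The default superuser is postgres, not root";
}

/* Append the hint (when applicable) as a HINT line after the server's own
 * error text, leaving that text unchanged.  Returns the length that
 * snprintf would write, so callers can size a buffer the usual way. */
int format_auth_error(char *buf, size_t buflen, const char *server_msg,
                      const char *host, const char *user, int password_supplied)
{
    const char *hint = auth_failure_hint(host, user, password_supplied);
    if (hint == NULL)
        return snprintf(buf, buflen, "%s", server_msg);
    return snprintf(buf, buflen, "%s\nHINT:  %s", server_msg, hint);
}

int main(void)
{
    char buf[256];
    /* Constructed sample server message; wording is illustrative only. */
    const char *server_msg =
        "FATAL:  password authentication failed for user \"root\"";

    format_auth_error(buf, sizeof buf, server_msg, "/tmp", "root", 0);
    puts(buf);                          /* hint added: local, root, no password */

    format_auth_error(buf, sizeof buf, server_msg, "db.example.org", "root", 0);
    puts(buf);                          /* no hint: remote connection */
    return 0;
}
```

The point of keeping the predicate this narrow is the one made in the thread: the hint only fires for the newbie case and discloses nothing beyond the publicly documented default superuser name, so it neither disturbs other failures nor tells an attacker anything new.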