From: | Andres Freund <andres(at)2ndquadrant(dot)com> |
---|---|
To: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
Cc: | Alex Shulgin <ash(at)commandprompt(dot)com>, Peter Eisentraut <peter_e(at)gmx(dot)net>, Craig Ringer <craig(at)2ndquadrant(dot)com>, PostgreSQL Hackers <pgsql-hackers(at)postgresql(dot)org> |
Subject: | Re: [PATCH] HINT: pg_hba.conf changed since last config reload |
Date: | 2015-01-16 17:26:22 |
Message-ID: | 20150116172622.GA32162@alap3.anarazel.de |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-hackers |
On 2015-01-16 12:21:13 -0500, Tom Lane wrote:
> Andres Freund <andres(at)2ndquadrant(dot)com> writes:
> > Why don't we just add emit a NOTICE or WARNING in the relevant place
> > saying that pg_hba.conf is outdated? Then the server won't log those if
> > configured appropriately, which doesn't seem like a bad thing. Note that
> > <= ERROR messages aren't sent to the client during authentication.
>
> I think people felt that sending that information to the client wouldn't
> be a good idea security-wise.
It won't if issued during the right phase of the authentication:
/*
* client_min_messages is honored only after we complete the
* authentication handshake. This is required both for security
* reasons and because many clients can't handle NOTICE messages
* during authentication.
*/
if (ClientAuthInProgress)
output_to_client = (elevel >= ERROR);
else
output_to_client = (elevel >= client_min_messages ||
elevel == INFO);
}
Surely deserves a comment on the emitting site.
> But I'd phrase it as "why not just emit a LOG message?".
Well, LOGs can be sent to the client just the same, no? Just requires a
nondefault client_min_messages.
But as I don't think sending logs to the client is a unsurmountable
problem (due to the above) I don't really care if we use WARNING or LOG.
Greetings,
Andres Freund
--
Andres Freund http://www.2ndQuadrant.com/
PostgreSQL Development, 24x7 Support, Training & Services
From | Date | Subject | |
---|---|---|---|
Next Message | Robert Haas | 2015-01-16 17:34:25 | Re: Partitioning: issues/ideas (Was: Re: On partitioning) |
Previous Message | Jim Nasby | 2015-01-16 17:23:10 | Re: proposal: lock_time for pg_stat_database |