| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | David Johnston <polobo(at)yahoo(dot)com> |
| Cc: | pgsql-hackers(at)postgresql(dot)org |
| Subject: | Re: Bad error message on valuntil |
| Date: | 2013-06-07 19:47:41 |
| Message-ID: | 28166.1370634461@sss.pgh.pa.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
David Johnston <polobo(at)yahoo(dot)com> writes:
> I presume that "password" in this context refers to the method by which
> identity is checked; some alternatives being "trust" and "ident"?
Right.
> Using the same logic of why you would not expose the fact that the user is
> expired versus the user has provided invalid credentials exposing "password"
> is a security leak as well.
No; the client side already knows that password auth is in use, because
it received a password challenge message. I suppose you could construct
some argument about how the textual report might be exposed to higher
code levels that didn't know that, but we haven't chosen to theorize
about what happens on the client side to that extent.
> And then, to top it off, provides a red herring
> to the user trying to figure out why their username/password combination
> isn't working.
It's not really a red herring, because in fact the password was what
failed. (Joshua's wording proposal has a conceptual flaw, because
it supposes that rolvaliduntil represents an expiration date for the
user, but really it's only an expiration date for the password.)
regards, tom lane
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Robert Haas | 2013-06-07 19:54:28 | Re: Parallell Optimizer |
| Previous Message | Kevin Grittner | 2013-06-07 19:46:06 | Re: Redesigning checkpoint_segments |