From: | Michael Glaesemann <grzm(at)seespotcode(dot)net> |
---|---|
To: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
Cc: | pgsql-hackers(at)postgreSQL(dot)org |
Subject: | Re: rolcanlogin vs. the flat password file |
Date: | 2007-10-14 20:09:58 |
Message-ID: | AEBA712F-F88F-469A-926B-8347E2497C63@seespotcode.net |
Lists: | pgsql-hackers |
On Oct 14, 2007, at 14:34 , Tom Lane wrote:
> I am not entirely convinced whether we should do anything about this:
> the general theory on authentication failures is that you don't say
> much about exactly why it failed, so as to not give a brute-force attacker
> any info about whether he gave a valid userid or not. So there's an
> argument to be made that the current behavior is what we want. But
> I'm pretty sure that it wasn't intentionally designed to act this way.
Would there be a difference in how this is logged and how it's
reported to the user? I can see where an admin (having access to
logs) would want to have additional information such as whether a
role login has failed due to not having login privileges or whether
the failure was due to an incorrect role/password pair. I lean
towards less information back to the user as to the nature of the
failure. If the general consensus is to leave the current behavior, a
comment should probably be included to note that the behavior is
intentional.
Michael Glaesemann
grzm seespotcode net
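The split the reply asks about, as an added Python illustration (not PostgreSQL code, and not the real flat password file format): the client always gets one generic failure message, while the server-side detail distinguishes an unknown role, a NOLOGIN role, and a wrong password. The role table, hash scheme and message strings are all constructed assumptions.

```python
import hashlib
import hmac
import logging

log = logging.getLogger("auth")

# Constructed stand-in for the flat password file: role -> (password hash, rolcanlogin).
# Hypothetical layout; it does not reproduce PostgreSQL's actual file format.
FLAT_ROLES = {
    "alice": (hashlib.sha256(b"correct-horse").hexdigest(), True),
    "batch_owner": (hashlib.sha256(b"s3cret").hexdigest(), False),  # NOLOGIN role
}

# The one message every failed attempt sees, whatever the cause.
GENERIC_FAILURE = "authentication failed"
DUMMY_HASH = hashlib.sha256(b"").hexdigest()


def authenticate(role, password, roles=FLAT_ROLES):
    """Return (accepted, client_message, log_detail).

    client_message is what goes back over the wire; log_detail is written
    only to the server log, where an admin can tell the failure causes apart.
    """
    supplied = hashlib.sha256(password.encode()).hexdigest()
    entry = roles.get(role)
    if entry is None:
        # Still do a comparison so an unknown role costs the same as a known one.
        hmac.compare_digest(supplied, DUMMY_HASH)
        return False, GENERIC_FAILURE, f'role "{role}" does not exist'
    stored_hash, can_login = entry
    password_ok = hmac.compare_digest(supplied, stored_hash)
    if not can_login:
        return False, GENERIC_FAILURE, f'role "{role}" is not permitted to log in'
    if not password_ok:
        return False, GENERIC_FAILURE, f'password mismatch for role "{role}"'
    return True, "authentication ok", f'role "{role}" authenticated'


def handle_login(role, password):
    """Server-side wrapper: log the detail, hand the client only the generic text."""
    accepted, client_message, detail = authenticate(role, password)
    log.log(logging.INFO if accepted else logging.WARNING, "%s", detail)
    return client_message


if __name__ == "__main__":
    logging.basicConfig(level=logging.INFO)
    for attempt in (("alice", "wrong"), ("batch_owner", "s3cret"), ("nobody", "x")):
        print(attempt[0], "->", handle_login(*attempt))
```

Run as a script, the three failed attempts print the identical client message while the log lines differ.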