| From: | Stephen Frost <sfrost(at)snowman(dot)net> |
|---|---|
| To: | Robert Haas <robertmhaas(at)gmail(dot)com> |
| Cc: | Jacob Champion <jchampion(at)timescale(dot)com>, Michael Paquier <michael(at)paquier(dot)xyz>, Shaun Thomas <shaun(dot)thomas(at)enterprisedb(dot)com>, pgsql-hackers(at)postgresql(dot)org |
| Subject: | Re: Logging of matching pg_hba.conf entry during auth skips trust auth, potential security issue |
| Date: | 2023-08-17 19:29:28 |
| Message-ID: | CAOuzzgrh5_gu-YBx2pxwwuUrBtYmgD7=itTbEMQuY4V9XE86Lg@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Greetings,
On Thu, Aug 17, 2023 at 15:23 Robert Haas <robertmhaas(at)gmail(dot)com> wrote:
> On Thu, Aug 17, 2023 at 12:54 PM Jacob Champion <jchampion(at)timescale(dot)com>
> wrote:
> > On Thu, Aug 17, 2023 at 9:46 AM Stephen Frost <sfrost(at)snowman(dot)net>
> wrote:
> > > Don't like 'skipped' but that feels closer.
> > >
> > > How about 'connection bypassed authentication'?
> >
> > Works for me; see v2.
>
> For what it's worth, my vote would be for "connection authenticated:
> ... method=trust".
I don’t have any particular objection to this language and agree that it’s
actually closer to how we talk about the trust auth method in our
documentation.
Maybe if we decided to rework the documentation … or perhaps just ripped
“trust” out entirely … but those are whole different things from what we
are trying to accomplish here.
Thanks,
Stephen
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Andrew Dunstan | 2023-08-17 19:32:40 | meson: pgxs Makefile.global differences |
| Previous Message | Robert Haas | 2023-08-17 19:23:11 | Re: Logging of matching pg_hba.conf entry during auth skips trust auth, potential security issue |