| From: | Michael Paquier <michael(at)paquier(dot)xyz> |
|---|---|
| To: | Jacob Champion <jchampion(at)timescale(dot)com> |
| Cc: | Shaun Thomas <shaun(dot)thomas(at)enterprisedb(dot)com>, pgsql-hackers(at)postgresql(dot)org |
| Subject: | Re: Logging of matching pg_hba.conf entry during auth skips trust auth, potential security issue |
| Date: | 2023-08-15 22:49:31 |
| Message-ID: | ZNwA+xoZv9lwWqXy@paquier.xyz |
| Views: | Whole Thread | Raw Message | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On Tue, Aug 15, 2023 at 03:39:10PM -0700, Jacob Champion wrote:
> I'm not super comfortable with saying "connection authenticated" when
> it explicitly hasn't been (nor with switching the meaning of a
> non-NULL SYSTEM_USER from "definitely authenticated somehow" to "who
> knows; parse it apart to see"). But adding a log entry ("connection
> trusted:" or some such?) with the pointer to the HBA line that made it
> happen seems like a useful audit helper to me.
Yeah, thanks for confirming. That's also the impression I get after
reading again the original thread and the idea of how this code path
is handled in this commit.
We could do something like a LOG "connection: method=%s user=%s
(%s:%d)", without the "authenticated" and "identity" terms from
set_authn_id(). Just to drop an idea.
--
Michael
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Andy Fan | 2023-08-15 23:03:01 | Re: Avoid a potential unstable test case: xmlmap.sql |
| Previous Message | Alvaro Herrera | 2023-08-15 22:39:20 | Re: Would it be possible to backpatch Close support in libpq (28b5726) to PG16? |