Magnus Hagander wrote: > In a number of places in pg_hba.conf, we don't actually log what goes > wrong - instead we just goto a label that will log "invalid token \"%s\"". > > Is there any special reason for this, other than the fact that it was > the easy way out? I think it would be reasonable to for example log > "hostssl not supported on this platform" instead of that, when USE_SSL > is not defined, etc.
Without actually looking at what you're considering, I think it could be a security bug if you were to disclose all the details to the user. Perhaps the details can be passed to errdetail_log() to avoid this problem. -- Alvaro Herrera http://www.CommandPrompt.com/ The PostgreSQL Company - Command Prompt, Inc. -- Sent via pgsql-hackers mailing list ([email protected]) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers
