On Fri, Aug 28, 2009 at 12:12 PM, Tom Lane<t...@sss.pgh.pa.us> wrote: > "Joshua D. Drake" <j...@commandprompt.com> writes: >> On Fri, 2009-08-28 at 11:52 -0400, Tom Lane wrote: >>> I've thought of an easier way to handle this: if the given database name >>> is invalid, connect to database "postgres" instead, and perform >>> authentication using normal access to the pg_auth catalogs. If >>> authentication succeeds, *then* throw the error about nonexistent >>> database. If "postgres" is not there, we'd still expose existence >>> of the original database name early, but how many installations don't >>> have that? > >> I run into it all the time. People drop the postgres database as not >> needed. > > Well, it isn't, unless you are worried about a third-order security > issue like whether someone can identify database names by a brute > force attack. The only problem if it's not there is we'll throw the > "no such db" error before user validation instead of after. I'm feeling > that that isn't worth a large expenditure of effort, as long as there's > a reasonable way to configure the system so it is secure if you care > about that.
Although this seems reasonably OK from a security point of view, it does seem to violate the POLA. ...Robert -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers
