On Thu, 2010-04-15 at 09:44 -0400, Tom Lane wrote: > Maybe uaImplicitReject for the end-of-file case would be > the most readable way.
uaImplicitReject capability added. We're now free to bikeshed on exact wording. After much heavy thinking, message is "pg_hba.conf rejects..." with no hint (yet?). Point of note on giving information to the bad guys: if a should-be-rejected connection request attempts to connect to a non-existent database, we say "database does not exist". If db does exist we say "pg_hba.conf rejects...". To me that looks like giving info away... if an IP address range is rejected always then telling them whether or not a particular database name exists seems like something I would not wish to expose. -- Simon Riggs www.2ndQuadrant.com -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers