On 2015-01-16 12:21:13 -0500, Tom Lane wrote: > Andres Freund <and...@2ndquadrant.com> writes: > > Why don't we just add emit a NOTICE or WARNING in the relevant place > > saying that pg_hba.conf is outdated? Then the server won't log those if > > configured appropriately, which doesn't seem like a bad thing. Note that > > <= ERROR messages aren't sent to the client during authentication. > > I think people felt that sending that information to the client wouldn't > be a good idea security-wise.
It won't if issued during the right phase of the authentication: /* * client_min_messages is honored only after we complete the * authentication handshake. This is required both for security * reasons and because many clients can't handle NOTICE messages * during authentication. */ if (ClientAuthInProgress) output_to_client = (elevel >= ERROR); else output_to_client = (elevel >= client_min_messages || elevel == INFO); } Surely deserves a comment on the emitting site. > But I'd phrase it as "why not just emit a LOG message?". Well, LOGs can be sent to the client just the same, no? Just requires a nondefault client_min_messages. But as I don't think sending logs to the client is a unsurmountable problem (due to the above) I don't really care if we use WARNING or LOG. Greetings, Andres Freund -- Andres Freund http://www.2ndQuadrant.com/ PostgreSQL Development, 24x7 Support, Training & Services -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers